Two separate articles in USA Today caught my eye yesterday. In the first, It was reported that you can buy a complete, albeit spurious, identity for a mere $14. This small article referred to the recently-released Internet Security Threat Report, published by Symantec. Other interesting commentary on this report can be found here and here. As I was scanning the report, I bumped into a new (at least to me) and intriguing term: “underground economy servers,” referring to servers “used by criminals and criminal organizations to sell stolen information, typically for subsequent use in identity theft. This data can include government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and email address lists.

Just think – a sinister economy based on phishing for and selling stolen Identities. But instead of secretive, smoke-filled, poorly lit rooms in some back-alley dive, this economy is purring along in modern data centers, right under our collective noses. Sounds downright scary if you stop to think about it.

That leads me to the next article – a larger treatise on the front page of the USA Today Money Section. It seems that two former IRS agents established a couple of obscure corporations right here in the US just to show how easy it is to set up and operate an untraceable money laundering operation without leaving the comfortable confines of the US.

Talk about “underground economy servers!” Just think – the Identity Theft guys could engage the Money Laundering guys and funnel all that money that comes from $14 identity sales out of the country quick as a wink, using the same banking system they are defrauding.

Sounds pretty “underground” to me.

Note: photo from Barron’s Online.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Identity Theft,
Money Laundering

My colleague Terry Gardner recently proposed an interesting Identity Federation use case. I include his exact words with his permission:

“I wonder if anyone has explored the possibilities associated with federating airline frequent flyer information. Here’s a concrete example:

“Delta, Continental, Northwest, and Air France are four of the members of the SkyTeam alliance. Travelers can earn and use miles/points and utilize airport lounges for any of these (in fact, all members of the SkyTeam alliance). When a traveler books a flight on Northwest, for example, Atlanta to Champaign, but wishes to accumulate Delta SkyMiles instead of Northwest WorldPerks, the traveler must present his SkyMiles information to the gate agent at Northwest, and then follow up after the flights are complete to ensure that mileage is earned and posted on Delta. This does not sound like a big deal, but what if accounts were federated between Delta and Northwest in such a way where the traveler could use SkyMiles and WorldPerks interchangeably at any place where miles are checked, such as web sites, airports, etc.? This would be amazingly powerful and convenient for travelers.

“In other worlds, federate frequent flyer program information between members of alliances.”

Thank, Terry for thinking Federation. The technology works. Now we need to have innovative business ideas to really capture the potential of Identity Federation.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
SkyTeam,
Federation

As I have stated before, many telecommunications carriers and cable operators are seeking new ways to deliver highly personalized, blended services more rapidly that the competition. We met recently with a customer who considered “service orchestration” to be their primariy value-add and market differentiator. Not the basic services. Not the fat data pipes. Orchestration.

Just as an expert conductor can coax magnificent, harmonious music from an orchestra composed of a plethora of musical instruments, this carrier believed that it was the conductor, not the basic insturments, that made the difference.

And yes, of course, the heart of the system was the Sun Directory, which held the most valuable asset – Identities of customers who were authorized to use the orchestrated services.

Beautiful music, indeed.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Telecommunications

Michelle Dennedy, Sun’s Chief Privacy Officer, recently published an interesting article entitled, “Identity and the Network Are Redefining Old Roles,” headlining the Sun Identity Insights newsletter.

“As Sun’s privacy officer, it’s my job to see to it that the privacy of personal information is protected as data flows through the network.”

“It’s all about identity — seeing to it that one’s identity, and the personally identifiable information associated with it, is kept private and protected when data travels over the network, when that data stops for a rest along the way, and when it is ultimately deleted at the end of its useful lifespan.

Following Michelle’s introductory article is a link to a more meaty piece, a 32-page white paper, “The CIO and CPO – a Vision for Teamwork and Success.”

This paper “provides background on the different perspectives of the IT organization and the privacy office and it offers practical tips for how these two organizations can work together to effectively guard against security and privacy risks.” I particularly liked the how the paper contrasted the perspectives of the CIO and CPO, but suggested specify ways to develop cross-functional understanding and cooperation between the two disciplines.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Privacy

Back on September 8, 2005, I blogged about Neogent’s new VIP process and technology for rapid Identity Management system implementation. Now spin the clock forward to February 20. 2007. Sun announced three new service offerings based on that same VIP process/technology. Now called VIDT – Velocity Identity Deployment Tool, this system came to Sun with the acquisition of Neogent in 2006.

It is gratifying to see this technology blossom from an idea in the minds of bright people at Neogent into a system that really works in the real world.

Thanks to my new friend Brian Brannigan, Managing Director of Agreon in Australia, a leading Identity Management implementation firm, who brought the EarthTimes.org article about VIDT to my attention.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
VIDT,
Neogent,
Agreon

My good friend Terry Sigle will speak today at LinuxWorld on the topic of Identity and Web Service Federation in a Linux Environment. A preview interview with Jack Loftus, news writer for SearchOpenSource.com, can be found here.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
LinuxWorld

Please join me welcoming Martin Gee, Founder and CTO of IC Synergy to the blogosphere. Martin has an exceptionally keen technical mind plus a great sense of what businesses really need. Our customers love it so much when he steps on their site they try to write him by name into Sun’s contracts.

Martin recently demonstrated his Identity moxie by producing a CardSpace authmodule for OpenSSO. How’s that for an announcement on his maiden blog? Martin doesn’t just talk, like I am prone to do. He delivers.

I’m glad you are joining the blogging community, Martin. We look foward to seeing your wisdom on the wire.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
OpenSSO,
CardSpace,
ICSynergy

The Thunderbird email filter worked as designed. It recognized the domain name chase.com and put the incoming email into the correct email folder I had allocated for correspondence from my bank, along with a few other emails I had received since I last checked. In apologetic tones, the email message warned of possible problems with my account and then asked me “To confirm your identity with us, click HERE.

Never mind that the link went to kfunk.net instead of chase.com.

I hate that! The smooth, deceptive methods used by phishers are becoming ever more sophisticated. For someone aware of how the Internet works, it is fairly simple to spot a problem. I can view the URL and determine the domain where the link will take me. But for those unaware, it has become increasingly difficult to know which messages are valid and which are not. Phishing radically undermines email as a trusted method for a company to communicate with its customers.

Just another example of how those with evil intent seek to subvert good things.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Identity Theft

I have had a minor fixation on acronyms lately. A person’s initials make up their own personal acronym – part of their own personal Identity. You must admit however, that some folks have more interesting initials than others. For example, I noticed that my colleague Dennis Mastin’s initials are DAM. I saw it on his briefcase. Just think, he can say DAM without cursing. He’s only referring to himself.

I grew up in the era when important people, Democrats at least, were known by their initials. Headlines would often blare out JFK, RFK, LBJ or MLK. But nowadays initials are not in vogue. Have you ever heard of WJC or GHWB or GWB? I suppose some initials are more poetic than others.

My wife Claudia’s initials kind of match her given name: CLD. That somehow got transformed into a pet name – CLDhopper or Clodhopper. How’s that for a name to call a pretty lady? But even though the initials suggest it, she is definitely not COLD.

Some people have just just a few initials; others have many. We made sure that each of our kids had precisely three: LMD, HAD, DMD, AMD, ESD, RJD and HMD.

But my dad has only two: KD. He has no middle name. In contrast, a friend of mine from Holland has initials EHHAMB, standing for “Eduardus Hendricus Hubertus Antonius Maria Bodden.” We just call him Ed!

Some people, though are shortchanged. Think of the famous folks who have only one name. Maybe Nene (the basketball player with only one name) shouldn’t feel too bad because he just has one initial. He has plenty of money to make up for it.

I still rue that day I didn’t register my own initials as MGD.com. I probably could have been paid a tidy sum of money by Miller Brewing Company for the use of my initials. But they beat me to the punch. However, you can still reach me through my i-name =MGD. Miller hasn’t come calling for that. Yet.

I’m sure you have your own examples of cool initials. But I challenge you to match my cousin. His name (really) is Glen Odell Dixon. Imagine the initials he put on his briefcase! Or how he signs memos! Or what he could put on his voice mail message! But alas, he didn’t register GOD.com.

Technorati Tags: Identity,
Digital Identity

I learned a new acroynm yesterday. Posted where it could be easily read atop a urinal in the Sun campus in Broomfield, CO, was the acronym LPF with a number I can’t recall. Judging from the context where I found it, I think it means Liters per Flush. I supposed there is a whole subculture of people somewhere who care about that term. 🙂

Have a good weekend!

PS. Given the subject matter, you’ll just have to use your imagination instead of a photo.

Technorati Tags: toilet