If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

NHS IT: Over budget, overdue and unpopular | The Register

Yet more news about the Government’s wonderful ability to run IT projects. I’ve previously mentioned that I picked up the book “Plundering the Public Sector” (and I’m STILL not finished it and I WILL review it properly when I do!) where there’s a lot of detail about the failings of such things and looking at the root causes.

My biggest interest in this is that the modernisation of the NHS IT systems is the largest IT project ever undertaken. Unfortunately there’s a bigger one in the pipeline, which will be run by the same people, involve the usual suspects and most likely go over budget and behind schedule by a similarly proportioned amount. No need to mention which it is…

Emergent Chaos: Compartmentalization of Identity

This is in effect what I was trying to say here and it’s a very important part of why an ID Card system on the scale the Government is attempting to force through will be doomed to failure. I had a very similar discussion IRL a few days ago with someone who is favour of ID cards (in principal) and I don’t think the scale of this is fully appreciated.

Quite simply - the data revealed by a scan of my ID should be different, depending on what I’m doing at the time AND who the reader is. Obviously my doctor should be able to read different information from that of my local policeman, which will be completely different from the barman who needs only to verify my age (this is law 2 of Kim Cameron’s laws of identity). The fact that the police should also be limited in what they can read under any situation is also going to be vital… Additionally if I’m operating in the course of my business then personal information shouldn’t be revealed, but my business details could be. The context HAS to work two ways to form a minimum subset of data that can be revealed in a situation.

I’ll definitely be adding “The Presentation of Self in Everyday Life” to my reading list!

A report on the state of the National Identity Register, May 2016

An excellent summary of what will probably happen. No comment required on my part.

JasonKolb.com: My fragmented online identity

I’ve just caught up with this post from the weekend which ties in nicely to my previous post on modelling identity and especially regarding aspects of identity - Jason clearly has at least three aspects to his identity - “public professional”, “public personal” and “private”. What he seems to be looking for is an Identity Provider in the shape of OpenID (or something similar), but it’s going to take a while before something gets enough traction to become a standard. When only a small number of sites are configured to use any particular IdP then the users will remain fragmented - I think this is why the work of Kim Cameron et al is important in defining the meta-system in which Identity Protocols can co-exist.

On the other hand, in some cases it’s useful to have fragmented identity aspects - there’s no reason why even the public aspects of an identity should be linked necessarily - maintaining a seperate personal and professional life can be useful and can help remove any potential liability on an employer (I think employers will want to control more part of their employee’s identities in future). Further, having a single IdP provides a single point of failure or theft - financial institutions will be prevented from using external IdPs and even trivial uses carry risks - without strong authentication. Finally the IdP needs to have a certain level of trust itself (Microsoft Passport / Hailstorm anyone?) as well as maintaining solid infrastructure. This is where having someone like VeriSign as an identity provider will come in useful (how much people trust them is another matter!), but only in conjunction with other equal-footed IdPs whom can be trusted (more like the PGP model of trust than the heirarchical model of PKI). There are going to be issues with how much information is released and verification - individual sites still have a duty to protect members (Age of the user, for example). I think the goal of the whole “user centric identity” bandwagon is to have all identity data in a single silo with individual attributes released specifically by the user for a certain service - this will require a level of education, which frankly I don’t think will happen (we still have issues with spyware, viruses and phishing attacks, all of which are already solved by “identity” implementations, but get ignored).

Authentication is still going to be key, going forward - there’s no point in me having an Identity if I can’t prove it. Likewise, there’s no point in submitting authentication if the receiver can’t quickly, easily and reliably validate it (Look at what happens when Chip & Pin fails - the relying party falls back to an alternative verification method!).

Johannes Ernst’s Blog: What is a good conceptual model for identity data?

This is the first time I’ve seen a reasonably indepth analysis of the way that Identity data can be modelled. Of particular interest is the way that the relationships can be expressed between individuals and organisations and how this fits in to any potential model. One thing that occurred to me whilst reading the article is the way that relationships, and thus identity, change over time - the concept of roles and employer organisations serves as a good example here.

I, obviously, have a relationship with my employer, which serves to initiate trust with potential customers, partners and other employees, in addition to providing a certain set of contact details (mobile phone, office phone, corporate email address). However, once a certain level of trust has been attained, the relationship could carry on independantly of my employer. For instance, I maintain contact with some former colleagues, from multiple companies, but not all. Likewise - not everyone who currently works for the same company as me has my personal contact details, and should one of leave our current employment then our ongoing relationship would effectively be ended, although some aspects of reputation (ie, the history of the relationship) would remain (something such as LinkedIn demonstrate this). This quickly makes maintaining a relationship structure extremely difficult, and after-all, if we’re not defining relationships, then why are we looking for identity.

An example of this is my personal relationship with Paul Toal which is, I’d hope, semi-independant of our professional relationship (also, this serves to demonstrate the power of URL-based identifiers). Paul himself maintains a link from his personal identity to his professional identity (whereas I choose to not make such a direct link public), whilst I have a separate connection to that same professional identity. This is further complicated by the fact that Paul is the same person (as am I), no matter whether we’re in a meeting, sitting in the pub chatting, or blogging/linking to each other - in other words, our identities are the same, but we expose different aspects of them.

This, added to the potential multi-valued nature of any identity attribute (how many phone numbers, email addresses, postal addresses etc does one have? Even something as simple as employer organisation can get messy, as Johannes states - I, as well as having my own job am listed as a director of another, completely unrelated, company) gives further complexity that should be considered in any global identity implementation.

Essentially, the identity-aspect will be determined by context - time and location become paramount in answering the question “Who am I?” (which is a precursor to the question “Who are you?” since the correct response to that is “Who’s asking?”)

Businesspundit: Are Executives in the Porn Industry Smarter Than Executives At Mainstream Movie Studios?

“Who would have thought that porn would turn out to be a better case study on listening to your customers?”

Well, me for a start! The porn industry has always led with distribution methods and technology. History is filled with examples of how, in fact, porn has caused a particular method to be successful, or at the very least, formed a large contribution to its success. The requirements for buying porn are really two-fold -

• anonymity
• ability to view in a preferred way

Home video was helped tremendously by porn (I suspect going back that even the printing press was helped by the equivalent of porn for the time and some of the early movies and photos I’ve been made aware of indicate the same) - for the first time people could view movies in the privacy of their own home…

The Internet has been a godsend for the porn industry - remote, anonymous delivery with no personal contact make it much easier for someone to buy “material” - but so too has the porn industry being a godsend for the Internet (adoption of secure payment systems for a start) so it’s only natural that the industry would be leading the way with media delivery. I think what’s referred to by BusinessPundit is the evolution of this - I’m guessing that people feel self conscious watching porn in front of a PC (those webcams don’t help!) so downloading, burning and watching elsewhere is desired. I think this will herald the failure of content-delivery over the internet, until it is integrated with TV set-top boxes…

Personally, I think the reason for the difference is primarily that of competition, with the addition of a requirement for forward thinking (Vivid is, as far as I’m aware a leader in getting women involved in production and decision making). Hollywood rests on its laurels, whereas someone in porn has to have some sort of edge. Regardless, the salacious habits of man seem to be the reason for the greatest innovations in most areas of life!

Businesspundit: Please Stop With Your Chinese Math

Another post I’ve only just caught up with…

I’d never heard of the term before, but I’ve certainly come across the phenomenon and the complacency it leads to. One thing I’ve seen is companies actually having the niche product, but not taking the opportunity to really drive home the message to customers - usually because of an imagined supremacy which creates the belief that customers will beat a path to their door. Phrases such as “All we need are X customers to develop momentum” and “We have a huge number of potential leads, some of them are bound to strike” have actually being said, but I’d never realised the significance of this and I’ll certainly be more aware of it in future.

Schneier on Security: The Problems with Data Mining

I’m a little late with this as well and many of the interesting points about this have already been made, but something I find really interesting is that the study by Milgram was done in the 60s and we accept the “six degrees of separation” as current. I’m wondering if, in an increasingly connected world, this would still be true. As an example, I’ve never met Bruce Schneier and I’m quite unlikely to, but we’re connected - in a sense, simply by me making this post. In a world where people are deliberately linking themselves to others, there quickly becomes a massive number of links to follow - much more so than traditionally.

Following telephone call links is one thing, but what about e-mail? How quickly could a two-step e-mail have been delivered to hundreds of people? What about blogging? What if a blog was used to transmit messages for a terrorist cell, hidden behind all those pithy, personal posts that people make? (One could keep messages going by switching blogs regularly, but keeping certain key words that a subscriber could search for). The methods of keeping in touch available to anyone in the 21st century are vast and I don’t believe that keeping track of them can be done - at least not without producing a veritable tapestry of false threads.

Schneier wrote in Secrets and Lies: Digital Security in a Networked World that using cryptography would only serve to draw attention to a nefarious user - stenography would be a better alternative if properly done and if done by such an open medium where the poster could literally be anyone, anywhere then tracking such messages would become impossible.

I’ve spent a good couple of days changing the look and feel of the site. Finally I have something I’m reasonably happy with! It’s not quite as busy as before and I think it looks a lot cleaner, whilst retaining the overall “blackness”. I’ve also reduced the number of externally hosted images (the Amazon ones for the LibraryThing catalog are required) which seems to have improved the loading speed of the pages. Finally it seems to look a lot better in IE than it did, although it still looks a LOT better in Firefox.
If there’s anybody out there, I’d appreciate some feedback!

Until yesterday I was having loads of problems FTP’ing from home so I finally decided to sort it out. Turns out it was a problem with the Linksys DG834 wireless hub/DSL router that we use - a simple firmware upgrade (with a nail biting moment in the middle when I couldn’t tell if the thing was restarting!) seems to have fixed it, which is nice. Despite working in IT, I’m always pleasantly surprised when things work out as they are supposed to!