Paul Squires on Identity and Entangled Topics




Identity Interfaces

Posted by Paul Squires @ 12:07 am on 28 February, 2007. 0 Comments

Over the past couple of weeks instead of writing posts I’ve been thinking about certain aspects of how “things” interact (it means that I’ve actually got a nice supply of potential posts to write even before I catch up reading everyone else’s stuff).

One thing that has been interesting me is a theme I discussed ages ago - that of different identity personae (I used the word “aspect” previously) and this was triggered again by a comment I saw on the Identity Gang list by Peter Bachman (at least according to my notes!)

The observer is also the creator of identity.

At the time when this was under discussion previously there was a separation of “identity” data and “reputational” data with one of the primary differentiators being that of the origin of the data - paraphrasing someone (apologies, please let me know who it was!)

Identity is data I create for myself; Reputation is data that you create for me

What we’re saying here is that my identity personae have two interfaces - an internal and an external. I can create as much identity data as I like on my internal interface and some of it will be refracted through an external interface, where it is merged with reputational data to create an “image” to a viewer. However, there’s a fundamental blurring of the lines between the two interfaces (I’m thinking that the word “porous” might suit here - only one way, however) - especially when one considers the role of an identity provider where their reputational data about me becomes my identity (or at least one of my personae!) with a little influence from me.

What makes this even more complex is how transactional data can be incorporated into a reputation - this is particularly evident when dealing with financial institutions. However, the reputation never feeds back into an internal identity (hence the one-way porous action) (or at least I’m struggling to come up with a serious example).

Almost any system can be described as a “black box” with interfaces (inputs and outputs). Within each system is a set of components, all of which may have interfaces to each other, with their own inputs and outputs - depending on the level of abstraction desired we can describe them in different ways. When it comes to identity we can refer to the subject’s interaction with a system (authentication, authorisation), or interactions within the system itself (attribute exchange) - when the limits of the system end at a human this gets really interesting as we begin bringing in the elements of psychology and philosophy that are related to identity - as mentioned above “identity” can be considered the purely internal elements of what I create for (and how I see) myself. Stumbling across this blurred division is quite interesting - for those of us working in the “digital” identity space there’s a culture shock when dealing with how traditional disciplines refer to it. One place this can be seen is how people tag their books here - “Tag used 1,294 times by 431 users” (at the time of writing!). Identity covers a multitude of sins. This is shown in an even more stark way when one examines the total number of books tagged with “identity” - 790 (approximately), but after the first hundred or so each book listed is tagged with that label only by one user. Clearly “identity” itself means different things to different people!

Looking at the philosophical aspects can be fun but there comes a point (like with most philosophy!) that it becomes a hindrance to actually getting any work done, but one of the delights of working with this is that one can flow along these threads exploring new themes. So much of the discussion (rather than the work) in the digital identity space is around semantics and nomenclature - getting the terms of reference right so that things can progress further - in the meantime OpenID is gaining traction and Cardspace is looking like it could be a success (and we’ve seen interoperability between them) and with a greater convergence to (and within) the “enterprise” space as well.

Whenever there’s convergence of two distinct systems they can start to share interfaces and the boundaries where those are exposed are pushed outwards to interact with new systems - someone needs to understand where they are and how they affect the systems providing the inputs and outputs. Someone also needs to understand what goes on inside the black box.


Croke Park

Posted by Paul Squires @ 3:19 pm on 24 February, 2007. 0 Comments

This afternoon sees England playing Ireland at Croke Park, Dublin. It promises to be an historic occasion in many ways, but not least because of the significance of the place on Bloody Sunday, where British soldiers killed fourteen rebel sympathisers in a day of escalating violence, triggered by the murder of heroic British intelligence officers by the IRA, ordered by their Chief of Intelligence, Michael Collins (isn’t it amazing how easily emotive words can be used to change history?).

Irish history interests me a lot, but I find the national posturing quite distasteful, especially since most of it has been made up in comparatively recent times - a good deal of what’s considered Irish culture (the language and GAA, for a start) was “created” to actually help stir up the feelings of nationalism - to give the people something to unite behind. The idea that there was ever an historic “Celtic Nation” was actually made up in the eighteenth century for the same reason!

The impact of the sport of Rugby is also interesting here where Ireland is a single team - made up of players from two different countries, with different flags, different national anthems and different currencies. Harmony seems to be achieved by simply not answering the difficult questions and there’s a potential for events today to stir up some of this. Any form of protest will serve to simply cause trouble - outside the ground the sort of people who like to riot will find an excuse to do so regardless of their interest in the match should protest marches go ahead. Inside the ground boos and whistles over the British national anthem will not be forgotten quickly.

The impact of the Gaelic sports themselves (headquartered at Croke Park) is also not to be underestimated. A purely amateur organisation, supposedly owned and run for the members will receive a HUGE payday (as they did two weeks ago against France) - at some point the elite players are going to ask where this money is going. I’m a fan of Gaelic football and always amazed that the sport isn’t marketed better outside of Ireland - it’s fast paced, exciting, skilful and tough.

Nonetheless - here’s to a good match and an England win, but played in a good spirit that carries outside the ground. Maybe if everyone behaves then machine guns won’t be needed this time.


National Character

Posted by Paul Squires @ 12:56 am on 4 February, 2007. 0 Comments

Nowhere is a national character better demonstrated than in sport. After years of disarray the England rugby team finally got themselves together and won a game. Helped largely by the return of Jonny Wilkinson and Jason Robinson the Scots were defeated. Funniest moment of the day was the quote from the former coach Andy Robinson saying that he wouldn’t have selected Wilkinson. Hmm… Wonder why he’s the former coach? :)

At times like this it’s best to bring out the full national anthem. Verse 6 is rarely used nowadays.

Lord grant that Marshal Wade
May by thy mighty aid
Victory bring.
May he sedition hush,
And like a torrent rush,
Rebellious Scots to crush.
God save the Queen!

Where’s the campaign to use the full anthem? :D


History Lesson

Posted by Paul Squires @ 11:23 pm on 2 February, 2007. 0 Comments

One of the more interesting things I saw during my trip to Denver was at the Colorado History Museum. As well as learning more about the state and its history there was one particular exhibit that caught my eye - the story of Oliver Parker Fritchle (amazingly there doesn’t seem to be a Wikipedia entry for Fritchle, even if there was I’m now going to try and not link to it due to their recent news on nofollow links).

Fritchle developed the first battery for electric cars capable of doing one hundred miles on a single charge - nothing remarkable in that itself, but the fact that this was patented in 1903 with cars being sold with it from 1905 to 1907 was something I hadn’t previously known. The exhibit at the museum features a video which finishes with a comment regarding how Fritchle may be surprised to see the efforts put into electric car batteries recently and how range is about the same (obviously power has improved somewhat)! Fritchle went out of business when the self-starter motor for the petrol engine was perfected. The cars also cost a lot more than the Model T (as a comparison) - somewhere in the region of ten times as much (I wonder how much of that is purely economies of scale though?).

The story of Fritchle is itself of interest, but what really brought it back to my mind was, as I was catching up with my RSS feeds, this post about disruptive technologies and the specific reference to electric motors and the development of the petroleum engine - there’s an incredible parallel there with Fritchle’s story. Of course, he didn’t understand the market for transportation and (from what I’ve read and heard of him since) that wasn’t his priority.

Competing technologies often ebb and flow in superiority with successive revisions and it seems like this is the case in car engine technologies as well.


WordPress 2.1

Posted by Paul Squires @ 3:07 pm on 1 February, 2007. 0 Comments

Yesterday I took the plunge and upgraded this blog to WordPress 2.1; after upgrading a couple of the plugins that were rendered incompatible, everything seems to be working (I’ve got one issue with the popularity contest plugin under investigation, but that doesn’t affect public access). So far everything looks good. Whatever database optimisations have been made look to be successful and the overall experience seems to be “snappier” (technical term that).

Automated auto-saves of posts are fantastic, but something I’d been really looking for is the ability to have draft pages (previously pages could only be published, which meant writing the whole thing off-line then pasting it in). I need to re-evaluate my use of categories since the link manager uses the same categories as posts (that just seems odd to me), although allowing nested categories for links might be useful. Hopefully I’ve tested everything enough :)


More on Authorisation

Posted by Paul Squires @ 2:51 pm on . 0 Comments

There were a couple of out of band comments on my previous post and some clarifications I wanted to make that seemed worth following up.

I initially mentioned the policy aspect of federated authorisation, saying that I didn’t see many situations where an SP would relinquish the access control to the IdP, but went on to state that an attribute exchange could be used for such purposes. In fact what is happening here is that the SP determines access control (potentially RBAC) levels - this class of users has R/W access to this resource - then the IdP determines which users actually fall into that class. The level to which this is allowed will be determined by the trust and relationship between the parties. The alternative, of course, is to maintain full profile information for the federated users at the SP and make authorisation decisions based upon that.

The scenario of passing identity data, and not the identity itself, also provides a level of privacy at the SP - there are situations where the SP doesn’t care who a user is, only what he is - and there are scenarios where the SP shouldn’t know that information (although there would usually be some link between the two that can be used to provide a complete audit trail where required).

Given the increased interest in federated provisioning and exploration about how this will work I’d have to suggest that the end goal is one where the SP has no need to store any identity data (using the attributes passed in the token for session purposes only) other than the minimum to maintain persistent identities across sessions (Welcome User, you last accessed our site on…)
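
The split described in this post, sketched as an added example that is not from the original post: the SP owns the role-to-permission policy, the IdP only asserts role membership, and the SP persists nothing but a pseudonymous identifier and a last-access time. The issuer URLs, role names and assertion field names are constructed, and the assertion is assumed to have had its signature verified already.

```python
from datetime import datetime, timezone

# SP-owned policy: which (resource, action) pairs each role class may perform.
# Role and resource names are constructed for illustration.
ROLE_PERMISSIONS = {
    "editor": {("reports", "read"), ("reports", "write")},
    "viewer": {("reports", "read")},
}

# Trust relationship: the role classes each IdP is allowed to assert.
# Issuer URLs are constructed placeholders.
IDP_TRUSTED_ROLES = {
    "https://idp.partner.example": {"editor", "viewer"},
    "https://idp.other.example": {"viewer"},
}

# The only data the SP keeps across sessions:
# (issuer, pseudonymous id) -> time of last successful access.
last_seen = {}


def authorise(assertion, resource, action):
    """Decide access from a verified assertion.

    Returns (allowed, previous_access); previous_access is None on a
    first visit and otherwise drives the "you last accessed..." message.
    """
    issuer = assertion["issuer"]
    # Roles the IdP asserts but is not trusted for are silently dropped.
    trusted = IDP_TRUSTED_ROLES.get(issuer, set())
    roles = set(assertion.get("roles", [])) & trusted

    allowed = any(
        (resource, action) in ROLE_PERMISSIONS.get(role, set())
        for role in roles
    )

    key = (issuer, assertion["pseudonym"])
    previous = last_seen.get(key)
    if allowed:
        last_seen[key] = datetime.now(timezone.utc)
    return allowed, previous
```

The SP never sees a name or e-mail address here; linking the pseudonym back to a person for audit purposes would be done at the IdP.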

