Federated Identity Checklist
I'm putting together a checklist of things to do to help federation succeed for the feature I'm writing for InfoWorld. Here's my list so far. Any other's that ought to be in there based on your experience? Find win-win situations where both parties benefit from the federation Start with internal projects Find an experienced partner for your first external federation Create a center of excellence in the CIO's office Establish a federated identity council to get input from business users Educate the legal department about federation and develop an in-house legal expert Pay attention to privacy Make sure your
Continue reading...
Alan Kay Followup
Here's a few follow ups to Alan Kay' talk last week. Scott Lemon has notes from Alan's technical and public lectures. Here's the link to the $100 laptop organization. Bill Clementson referenced my notes and added some quotes from Alan (from other talks). My favorite: "I invented the term Object-Oriented, and I can tell you I did not have C++ in mind." Alan's interview in Queue remains one of my favorite. I've had quite a few side discussions with others about the talk--it's gerenated a lot of interest. It's not often when I find myself thinking about a talk
Continue reading...
Alan Kay: The 100 Dollar Laptop and Powerful Ideas
Alan Kay preopares for his talk(click to enlarge) Alan Kay's evening talk is entitled Learners, Powerful ideas, and the $100 Laptop. He says that he's never found the right order for the ideas in the title. Computer companies in the 1960s thought Moore's law meant that they'd get higher margins. Web presses are amazing pieces of technology, but when you look at it, you don't see anything that tells you about how it changes things. Similarly, looking at the DynaBook in 1968 doesn't tell you the most important things. Thus, the idea of a $100 laptop isn't important because of
Continue reading...
Alan Kay: Is Computer Science an Oxymoron?
Alan Kay(click to enlarge) Alan Kay's title slide, up during the intro says Is the Best Way to Predict the Future to {Invent,Prevent} It? with the {Invent,Prevent} alternating between each other. He jokes that this afternoon's talk can be summed up by the fact that he has to wear two microphones to speak instead of one. The talk was billed as "Software Engineering vs. Computer Science, so I'm anxious to see how his title relates to that. I have some more photos too. Much of what is wrong about our field is that many of the ideas that happened before
Continue reading...
February CTO Breakfast Report
This morning's CTO breakfast was well attended (about 30 people) with good discussion. Here are some of the things we talked about. I started out mentioning that Hillarie Orman was on a panel at Demo and asking for a report from her. We got a good Cliff Notes version of the panel and conference. Bruce Grant was also there and mentions that conference was full of marketing hype as well as very smart people. We got into a short discussion of quantum computing and what that means to cryptography. Quantum computing and it's effects on cryptography shouldn't be confused
Continue reading...
Presentation at W3C Workshop
The paper Kaliya Hamlin, Aldo Castaneda and I put together for the W3C Workshop on Transparency and Usability of Web Authentication was accepted for presentation. The paper discussed identity rights agreements. W3C has released the draft program. This looks like a really good event. Unfortunately, I've already committed to moderating a panel at the InfoWorld SOA Executive Forum in San Francisco those days and the workshop's in NYC. I'll have to rely on my co-authors to make the presentation.
Continue reading...
Legislative Live Blogging
Yesterday Steve Urquhart live blogged a day of the Utah Legislature from his chair as Majority Whip. This is likely the very first live blog of a session by a sitting legislator. Interesting and informative to see a whole day from his perspective.
Continue reading...
Hearing Alan Kay
Alan Kay is giving the Organick Lecture at the University of Utah on Thursday. It's actually two lectures, one in the afternoon on "computer science" and "software engineering" and on in the evening on the $100 laptop. I'm planning on going to both. If you're interested in riding with me, I've got four seats--first come, first serve. I'll be leaving BYU at 2:15. Since I'm planning on staying for both lectures, I won't be home until late. If you're already in Salt Lake, it would be fun to get some people together for dinner in between the lectures. Say
Continue reading...
Social Software and eGovernment
In a recent Government Technology News article Wayne Hanson asks "Can Social Software Improve eGovernment?" One interesting thing that struck me in the opening paragraph is that he throws RSS into the pool of accepted technology. That's saying something for RSS that I'm not sure is acknowledged much. The article talks about blogs, referencing an article from last February that spoke about our blogging experiment in Utah when I was CIO. It also mentions wikis, del.icio.us, Flickr, and collaborative editing tools like Subetha and Moon Edit. Unfortunately, the article reaches no conclusions and even makes a few blatant errors
Continue reading...
CTO Breakfast on Thursday
We'll be having the monthly CTO Breakfast this Thursday at 8am. As usual, we'll meet in the Food Court at Canyon Park Technology Center (Building L of the former Word Perfect Campus). Come prepared to talk to the group about one or two interesting technologies you've seen in the last little while. We want to know what made you say "wow!" lately. The next three CTO Breakfast's will be: March 30 (Thursday) April 28 (Friday) May 19 (Friday) Mark your calendar's now! Remember, you don't have to be a CTO to come. Just someone interested in technology and its
Continue reading...
No Lawyer Left Standing
One Utah has a funny faux-news story about VP Cheney's little hunting accident. Might surprise you to know we have liberal bloggers in Utah. Two in fact.
Continue reading...
Position Paper at W3C Workshop on Web Authentication
Kaliya Hamlin, Aldo Castaneda, and I have had a position paper accepted at the W3C Workshop on Transparency and Usability of Web Authentication. The workshop will be March 15 and 16 in New York. Our paper is Identity Rights Agreements and Provider Reputation. Identity Commons Position Paper. This is probably the most complete discussion of our thinking around identity rights agreements to date.
Continue reading...
Ron Kohavi on Data Mining and eCommerce
Today's colloquium was Ron Kohavi from Microsoft research. His talk was titled: Focus the Mining Beacon: Lessons and Challenges from the World of E-Commerce (PPT). Ron was at Blue Martini Software where he was responsible for data mining. They developed an end-to-end eCommerce platform with integrated business intelligence from collections, ETL, data warehousing, reporting, mining, and visualization. Later Ron was at Amazon doing the same thing. Again, simple things work (people who bought X bought Y). Human insight is the key--most good features come from human ideas, not extensive analysis. Amazon measures everything. Any change was introduced with a
Continue reading...
Open Telecom Box
Telecom box left open in Orem(click to enlarge) Yesterday afternoon I was driving down 1600 North in Orem and noticed an open telecom box. I stopped and took a picture. I also tried to close it up. The latching mechanism seemed to be working and undamaged, but there was no handle on the outside (it's removable). The box appeared to house some kind of remote DSLAM and probably Qwest's. It had been open for a while (notice the little icicles hanging inside the cabinet). I went to the Qwest Web site to find some way to report it and there
Continue reading...
Timp
Mt Timpanogos(click to enlarge) Mt Timpanogos stands at the north end of Utah County. It's about 11,500 feet tall and can be climbed by hikers in a long day. This morning, after the snow we got last night, it looked great. This picture is from the parking lot just outside the building I'm in at BYU. It's also the view out my office window.
Continue reading...
VeriSign's VIP
Verisign has announced a system for better authentication on the Internet that will be supported by eBay, Yahoo! and PayPal. The system uses a USB hardware token. I'm interested to see if people will use it. American Express had a card (I think it was called "blue") a long time ago that included a smartcard and gafve away the readers. People didn't go for it. Maybe if they can get someone to put them in this really cewl wristband, they will.
Continue reading...
Oracle Buy Sleepycat
Oracle announced that they are buying Sleepycat, the maker of the DbXML database I use in several projects. This is good for Sleepycat, but might mean trouble for MySQL. I blogged about it at Between the Lines.
Continue reading...
ThinkCAP JX
Does anyone have any experience with ThinkCAP JX? It's a development framework for J2EE. Any comments you have would be appreciated.
Continue reading...
Lightweight Identity Systems
Eve Maler has a nice list of Internet Identity systems. Good summary. Johannes Ernst adds some thoughts in the comments to Eve's post, so be sure to read the whole thing. Eve also offers up some slides (PDF) that introduce Liberty and SAML.
Continue reading...
Viruses, P2P, and Privacy
The Japan Time is reporting that the names of 10,000 Japanese convicts have been leaked from an employee's personal computer that was infected by a virus from the P2P program Winny. The information was initially stored on a CD by a staff member at Kagoshima Prison and handed to a staff member of Kyoto Prison in December. That employee left the CD in a personal computer. The data was leaked after the computer was infected with a virus via the peer-to-peer file-sharing program Winny, which had been installed on the computer, the officials said. From The Japan Times Online
Continue reading...
BYU RUG Report
I wasn't able to go the BYU Ruby User's Group meeting last week, but Lee Jensen went and filed this report: I went to the BYU RUG Meeting last night in Provo. The guest speaker was Eric Hodel part of the Robot Coop makers of the 43(things,people,places) social sites. He explained some of the interesting projects that he's been working on and has done in Ruby. He's currently working on a project called Ruby2c or MetaRuby which seeks to make an parser which will implement a subset of Ruby that can be output to the C language and then
Continue reading...
SOA in the Public Sector
I'm quoted in an article in Public CIO magazine. I was interviewed for this story on the use of SOA and Web services in the government so long ago, I can hardly remember it. The article, especially the last line, makes me look less enthusiastic about SOA in the public sector than I am. I think public sector CIOs have a great opportunity to use the governance powers that they already have, in connection with relatively modest expenditures on infrastructure to build real connectivity between departmental silos.
Continue reading...
Fifty Writing Tools
Poynter, an online resource for journalists, has fifty tips for writing better. These are worth reading and practicing.
Continue reading...
Defining Reputation
I defined reputation in a recent post. More specifically, I said that reputation isn't identity. Dick Hardt disagrees. To tell the truth, I hadn't remembered that slide from his famous identity presentation. Dick refers to a definition of reputation from dictionary.com reputation: 3. A specific characteristic or trait ascribed to a person or thing and says To me, this makes it clear that reputation is part of your identity. Phil states that identity data is not transaction data or reputation data. I think it is. An example of transaction data being identity: "I'm the guy that bought that black
Continue reading...
Registering Identity
A couple of bills caught my attention today. Both bills, under consideration by the Utah Legislature, deal with identity. The first, HB158 would require convicted sex offenders to renew their driver's license yearly. The idea is that while sex offenders are under no pressure to keep their data current in the state's online sex offender registry, they need a driver's license. The bill turns a manual process of checking into a more automatic process where renewing a driver's license updates the registry. The second, HB429, places restrictions on the sale of components used to make meth. Anyone purchasing medicines
Continue reading...
LISP Ecosystems
I criticized Allegro yesterday at Between the Lines for a business model that sells programming language development environments like they were enterprise software. Programming languages and their development environments are free in the 21st century--at least that's how most people think about them. I can't imagine approaching a VC, for example, with a business plan that has as it's basis selling programming language tools. The problem is that programming languages depend on complex ecosystems of libraries, IDEs, testing tools, Web components, and so on. A reader at BTL said it in this way: Where's the ecosystem? LISP was born
Continue reading...
James Kennedy on Particle Swarming
James Kennedy is social psychologist with the Dept. of Labor's Bureau of Labor Statistics. He's speaking at today's BYU CS colloquium on "The Essential Particle Swarm." He was introduced as the inventor of particle swarming algorithms. He muses whether he's the inventor or discoverer of the algorithm, given that this is a process inherent in many places in nature. The term discoverer might be more apt. James started his work doing computer simulations of the interactions of individuals and their interactions in social context. Social dynamics are adaptive. Societies adapt to their environment, not just the physical environment, but
Continue reading...
Mail and Chax
This morning I ran across an iCHat utility called Chax that adds some features to iChat. One I was particularly interested in was auto-accept for chats. I get tired of having to hit "accept" whenever chats come in. This afternoon Mail started crashing. After opening it up, it would just die after a few seconds. No warning, nothing. A quick look in the console showed that a crash report was being written to ~/Library/Logs/CrashReporter/Mail.crash.log. That showed the following: Binary Images Description: 0x1000 - 0x198fff com.apple.mail 2.0.5 (746) /Applications/Mail.app/Contents/MacOS/Mail 0x3f9000 - 0x3f9fff com.ksuther.chaxloader ??? (1.3) /Users/pjw/Library/InputManagers/Chax/Chax.bundle/Contents/MacOS/Chax ... So, I uninstalled
Continue reading...
Bagley on McBride
Fellow Utahn Judd Bagley has posted a podcast with SCO's controversial CEO Darl McBride on Business Jive. He has some other interesting podcasts there as well.
Continue reading...
Switching to Vonage
Home patch panel(click to enlarge) Today was the day I finally made the break with Qwest. I've been paying twice what I would for Vonage's best service and not getting as many features. I've had Vonage as my business line for a few years now and have been happy with it so I decided I'd transfer the main number to Vonage as well and say goodbye to my ILEC. I get my broadband access from Comcast and it's been pretty reliable. The few problems I've had have been DNS and that doesn't affect VoIP--it kept right on working. The other
Continue reading...
Who Knew?
Who knew that Peter Coffee was a closet LISP junky? First he published this piece on "exotic" languages that I commented on at Between the Lines and then yesterday, he put out an article entitled LISP Deserves a Fresh Look. Peter's argument has two prongs. His first point is that old arguments against LISP are largely no longer true. The current generation of application developers has been imprinted with a business model of mass-market software as frozen bits, packaged as executable binary files, delivered on inexpensive media units--floppy disks or CDs--to run on a PC. This model is merely
Continue reading...
JavaSchools, Scheme, and Sin
Joel Spolsky has a great essay on the perils of JavaSchools, those CS programs that adopt Java (or .Net, to be fair) because it is easy for students to learn. In it, he sings the praises of learning Scheme and being exposed to functional programming. Without understanding functional programming, you can't invent MapReduce, the algorithm that makes Google so massively scalable. The terms Map and Reduce come from Lisp and functional programming. MapReduce is, in retrospect, obvious to anyone who remembers from their 6.001-equivalent programming class that purely functional programs have no side effects and are thus trivially parallelizable.
Continue reading...
CRAP: At the Whiteboard
David Berlind has a 3 minute whiteboard presentation on CRAP (content restiction, annulment, and protection), the new term for DRM. His advice: don't buy anything with CRAP in it. I like these little whiteboard presentations. They're a lot like screencasts, short, simple to make, and easy to watch. As long as we're on the subject of CRAP, check out the analyses of iTunes U, Apples attempt to corral universities into the iTunes/iPod silo, by Jon Udell and Gardner Campbell. Jon got a load of crap (note the small case) from Mac zealots for daring to criticize Apple.
Continue reading...
Eric Hodel at BYU RUG
The BYU Ruby User's Group is meeting tonight at 7pm in 120 TMCB. The guest speaker is Eric Hodel from Seattle Washington.
Continue reading...
Alan Kay Organick Lectures
Alan Kay will give this year's Organick Lectures at the University of Utah on Feb 23rd. He will speak in the afternoon (@3:40pm) on "Are 'Computer Science' and 'Software Engineering' Oxymorons?" and in the evening (@7:30pm) on "Children, Powerful Ideas, and the $100 Laptop." Both lectures will be at the 202 Skaggs Biology Research Building. If you're in the area, you ought to go. Alan Kay has wonderful and inspiring to listen to whenever I've heard him. What's more, the setting is usually fairly small. Last year, when I heard Vint Cerf speak, there were probably less that 100
Continue reading...
Using Google's Universal Authentication Engine
Google's Chat service, GTalk, is based on XMPP, the protocol behind Jabber. That's why you can use any Jabber client with GTalk. This has other implications beyond chat clients, however. XMPP has a very capable authentication mechanism built-in to service distributed chat servers, but you can use XMPP authentication for anything. Google has conviniently tied this authentication service to your Google account. That means that you could build an application that let's people log in using their Google account name (what I call GIDs) and password without any prior arrangement with Google. With no fanfare at all, Google has
Continue reading...
Rivers of Information and Social Media
I just finished speaking at the Enterprise Software Summit on rivers of information. The idea basically comes down to the fact that blogs, RSS, and other Web 2.0 technology is changing the dominant metaphor we have for the 'Net from "place" to "flow." Jeff Nolan took some notes. Jeff's speaking now on how he uses social media at SAP to try to get SAP's message out. He mentions a study that indicates CEOs are among the least trusted spokespeople. This has interesting implications or the rise of the blogging CEO. Jeff says it's more important to get others blogging
Continue reading...
SaaS Lessons Learned
I'm at the Enterprise Software Summit in Sundance this afternoon (I'm speaking tomorrow). Greg Gianforte, from Right Now, is speaking about things they've learned about supporting software as a service (SaaS). Deployment choice - on premise and hosted. Large enterprises, particularly financial and government, need an on premise solution. You need a software architecture that supports both. Installations often go to a hosted solution, hosted solutions rarely move to on premise installations. Software has to be architected from the start with multi-tenancy in mind. "On demand" does not equal "pay as you go" Separate the way to pay from
Continue reading...
Britt Blaser on Dean Done Right
Britt Blaser's speaking at the Berkman Center tomorrow on Lessons from Burlington. This refers to the Dean campaign headquarters and Dean's use of Internet technology. Britt's been very busy trying to generalize those lessons for all kinds of political activity. Should be a good show.
Continue reading...
Time to Learn LISP
I just posted an article at Between the Lines called Time to learn LISP, a riff on Peter Coffee's recent piece on LISP and other "exotic" languages and techniques going mainstream.
Continue reading...
A Model Regime for Privacy Protection
Daniel Solove and Chris Hoofnagle have published a paper entitled A Model Regime of Privacy Protection. The paper outlines patches that could be applied to current US law to increase privacy protection. In the paper, Solove and Hoofnagle build the model regime around Fair Use Practices, a set of very general principles: There must be no personal data record-keeping system whose very existence is secret. There must be a way for an individual to find out what information about him is in a record and how it is used. There must be a way for an individual to prevent
Continue reading...
Reputation Can't Be Asserted
Marco Barulli is building a reputation system for blog comments. In this post, he runs through a scenario for how it might be used. One thing bothered me. One part of his scenario says: [Alice] invokes a bookmarklet to ask her reputation manager for a unique comment token. The reputation manager can't be "hers." The reputation system envisioned by Marco uses tokens to authenticate someone to retrieve Alice's reputation. This isn't reputation in the general sense. Reputation is other people's story about you, not your own story. Thus a general purpose reputation manager can't under Alice's control. Sometimes we
Continue reading...
Some Thinking About Reputation
In my grad class this semester, we're designing and building a reputation system. Today we had some discussions which I wanted to capture and get feedback on. First, the overall idea is that reputation is computed from identity and transactional data. So a reputation, R, is calculated as follows: I == a vector of identities TxI == a vector of transactions on I VI == a vector of verification data on I R = F(I, VI, TxI) Some thoughts Allow users to assert I The system would provide ways for users and others to verify I (forming VI) The
Continue reading...
Newer Is Not Always Better
Today I ran across OldVersion.com who's tag line is "newer is not always better." OldVersion.com is a collection of old versions of programs. When I saw it, I thought of a couple of benefits: first old version often run better on old computers because newer versions require more resources. Second, some new versions disable features that you want or add features that interfere with how you use the program. One benefit I hadn't thought of that's listed prominently on the site is the ability to avoid spyware. Older versions of programs that are now bundled with spyware are often
Continue reading...
Cadena: Analyzing Component-Based Software Architectures
John Hatcliff spoke at this morning's BYU Computer Science colloquium. John is a professor of Computer Science at Kansas State University. He's speaking on Model-driven development, analysis, and optimization in a system called Cadena. The project is based on using middleware to form abstractions of distriburted computing components. The talk is focused on a real-time CORBA event service. The "model-driven" portion of the talk discusses formalisms for building high-assurance distributed systems. The framework supports plugging in various light-weight specification, analysis, and verification systems. The work was done in the context of an avionics mission control system project sponsored by
Continue reading...
Calendaring Tools
I put a piece up at Between the Lines on calendaring tools and in particular, SpongeCell a nifty online calendaring tool that accepts English language commands for creating appointments.
Continue reading...
Ajax Logins
While over at the Ajaxian, I saw an interesting article from evolt.org about an Ajax-enabled login system by James Dam. There's a demo that shows how it works. The overall effect is quite nice, I think. Rather than flipping from page to page as you log in, the authentication is done from a single page. There are also some advantages from a security standpoint (most notably the password is hashed before it's transmitted to the server, unlike a forms approach). This would be excellent for blog comment forms and other places where people authenticate, but don't leave the page.
Continue reading...
Ben Galbraith: Ajaxian
Ben Galbraith is an Ajaxian. I met Ben when he was president of the Utah Java user's Group. Ben's also the author, along with Justin Gehtland and Dion Almaer, of Pragmatic Ajax : A Web 2.0 Primer. I've always been impressed with Ben's talks and writing, so I'm anxious to pick up a copy and see what he has to say.
Continue reading...
XML and the Real-Time Web
In an article, worth reading, on the use of Web technologies to manage disaster recovery, David Stephenson discusses how XML increases eGovernment productivity: Now there's another piece of the pie from the Center for Technology in Government and New York State: a test project in which 5 New York agencies switched from HTML to XML to produce their websites. As a long-time pimp for XML's widespread use in government as a tool to promote interoperability and data exchange in homeland security, I was ecstatic with the results as reported by Federal Computer Week's Dibbs Sarkar: a lot less time
Continue reading...
IIW2006A Dates
We're planning dates for the 2006 Internet Identity Workshop (part A). We're planning to hold the workshop in the Bay area, but before we can finalize the venue, we need to pick dates. We've settled on May 2-3 or May 10-11 with a strong preference for May 2-3 right now. If you have strong feelings one way or the other, please let me know.
Continue reading...