Thursday, July 30, 2009

John Clippinger on i-cards and Google wave

John Clippinger, who directs the Law Lab at Harvard University and who is a co-founder of Parity Communications now Azigo, talks about Information Cards, the wallet and that this will be integrated into Google wave.

This video is from the ideas project:


My hope is that companies like Google will help to put Information Cards into the browser.

Thursday, July 23, 2009

DroidCon and DroidCamp Berlin

DroidCon DroidCamp
DroidCamp BerlinNov 3, 2009

DroidCon BerlinNov 4, 2009

Sponsored by T-Labs!!!

Auth-napping OpenId by Weave

My first feeling was that this is a bit intrusive but then...

Here is a picture of the authnapped OpenId form:

Here is a picture of the original OpenId login:

It is the user's decision to install and use Mozilla Lab's project "weave" or not. And this solves parts of the NASCAR problem. Why should the service provider suggest some OpenId providers using the NASCAR? Well, if he has a whitelist of trusted OPs then yes.
But the OpenId-NASCAR is a cludge anyway.
I think that there should be an XRD description of which authentication methods and providers and token formats and so on a service provider supports or requires. Then a client component - read Browser extension - could help the user to make a good decision and prevent phishing attacks and more.
The user does not care whether the protocol is OpenId or Information Card or if the token format is SAML2 or what not. A unique user experience is desired. Ease of use is required. User consent is required. Security and Privacy need to be protected.

This should be "in the browser"! Secure by default. Privacy protecting by default.
I guess I don't have to repeat that I prefer the Information Card metaphor and UI. A client component is a good thing and it should be ubiquious, build-in but replacable and configurable at the user's choice.

Identification, authentication and claims/attribute transfer is not the primary service provider's interest. Those tasks should be moved outside of the website's code into an authnapping module of the user's browser.

Authnapping is good!

Imaginary Schedule for Catalyst '09

If I could travel to Burton Group Catalyst Conference I would go to this talks:














speakertitle
Bob Blakley2009: Upheaval In The Identity Market
Lori Rowland; Bob Blakley; Mark Diodati;Gerry Gebel;Ian Glazer;Kevin KampmanIdentity Management: No Time Like the Present
Michael Barrett"Two Billionths of a Second after the Big Bang - Where Is Consumer Identity
Bob BlakleyThe Identity Services Market
Bill PeerComing to Grips with Your Inner Cloud
Mary Ruddy; Ron Carpinella; Tom Oscherwitz; Rick Rubin; Denise TayloeThe Age of Identity Oracles
Anne Thomas ManesIn Memory of SOA
Robert AmosEmpower the Business with Identity Management
Richard WatsonService Modeling: Making Sure Your Services Deliver Value
Dharmesh PanchmatiaService Orientation for Success: a Case Study

and more. Listing all interesting talks here takes too much time.
And then there is the Concordia workshop and the ICF Directors Face-to-face meeting...

I wish I could be there.

Friday, July 03, 2009

iPhone Selector @ xmldap.org


The Higgins Project, namely Markus Sabadello, created an Information Card Selector that runs on the iPhone. Due to Apple's benevolent dictatorship which prevents extensions to the iPhone's webbrowser this selector uses a custom URL-scheme to launch the selector from a web page. Details can be found here.

I adapted the xmldap relying party to output the new URL-scheme when the user-agent contains "iPhone" or "iPod".

Here are some screenshots that Markus provided:





Integrating this into the openinfocard selector is a task for this evening.