San Jose Grand Prix

Thanks to my very good friend Brian Schussler for getting me into Adobe’s San Jose offices yesterday to watch the San Jose Grand Prix from the air conditioned splendour of a 2nd floor conference room. Here are some pics from the event:

The view south along Almaden Boulevard. I think that’s Rodolfo Lavin.

Bjorn Wirdheim at turn 4 – Almaden Boulevard into Park Avenue.

Following the pace car during one of the numerous yellow flags – Sebastien Bourdais leading Paul Tracy.

Unfortunately, at this point I was out of space on my camera and out of battery. That’s life…

Don Bowen – Directory Fan(atic), Human Rolodex, Change Agent

We have a hallway poster campaign at Sun, highlighting Sun employees for their unique contributions to the company. The latest set of posters includes one featuring Wizard of IdM, Don Bowen:


As you can see, there have been some, ah, customizations, to the poster on the right.
Here is Don’s quote from the poster:

Three things motivate me at Sun: the people I work with, the technology and opportunity in the Identity Management market, and the customers our products really do help. In my 26 year career, this is by far the best and most fun group of people I’ve ever worked with. One of the most exciting areas in all of technology today is Identity Management. It’s like living in Hawaii – someone’s got to do it. What makes it all meaningful is that what I do really matters. Our customers derive real business value because of what I do at Sun.

Way to go Don!!!

Speaking on OpenSSO at Planetwork Thursday July 28th 2005

I’ll be speaking on OpenSSO at Planetwork in San Francisco next Thursday, July 28th 2005. Here is the complete announcement I received from Kaliya Hamlin:

Thursday, July 28th doors at 6, program at 7, networking from 8-10
CIIS, Namaste Hall, 3rd Floor, 1453 Mission St. San Francisco (2 blocks from Civic Center BART)

Kaliya Hamlin, the Identity Woman, curated this line up that provides a great opportunity to learn more about some of the latest tools for next generation digital identity.

Light Weight Identity – LID
Johannes Ernst NetMesh Inc.
Light-Weight Identity(tm) – LID(tm) – a new and very simple digital identity protocol that puts users in control of their own digital identities, without reliance on a centralized party and without approval from an “identity provider”.

Brad Fitzpatrick Six Apart, Ltd.
OpenID, a decentralized identity system, but one that’s actually decentralized and doesn’t entirely crumble if one company turns evil or goes out of business. An OpenID identity is just a URL.

Sun Single Sign On
Pat Patterson Sun Microsystems
Sun is announcing the intention to open source web single sign-on. This project, called Open Web Single Sign-On, or OpenSSO, gives developers access to the source code to these basic identity services, allowing them to focus on innovations that solve more urgent problems, such as securely connecting partner networks, ensuring user privacy, and proving compliance.

Opinity, Inc
Ted Cho
Opinity provides what might be called open reputation for end users. It is a young start up offering free online reputation management related services so that individuals can authenticate, aggregate, and mobilize their website (eBay, Amazon, etc.) reputations. Opinity also offers reputation management tools so that individuals can monitor, build, and work to enhance their own reputation going forward. Individuals can also review other individuals at the Opinity website.

Planetwork has been hosting monthly networking forums in the Bay Area for the last 3 years. We are a unique network sitting at the nexus of technology use for social and environmental good. To support the monthly forums we invite voluntary donations (in a basket on the food table).

If you would like to join our mailing list to get more information about upcoming events please go to this page and get a planetwork i-name.

So, come along, throw a few bucks into the basket, listen to me and my fellow speakers and stay for a chat.

Making sense of the federation protocol landscape

By way of Archie Reed’s Secure Identity Management Blog (Archie is a Director in Identity Management at HP), I just came across this article on Federation by Jason Rouault (also at HP) – Making sense of the federation protocol landscape.
While, obviously, I would direct you away from the section on HP products at the end, the remainder is a nice summary of federation and a useful comparison of the various protocols.

That Was The Catalyst That Was

Well, I’m sitting here in the Application Security track on the final day of Catalyst. Other bloggers (Kaliya, Phil, Mark) have covered the sessions in some detail; here are my highlights:

  • Wednesday
    • Mike Neuenschwander trashing a cell phone on stage, making a point about deprovisioning. Mike swung the phone by its headset cord and whacked it into the stage – cellphone deprovisioned.
    • Jarrod Jasper of GM, again on the importance of deprovisioning. Apparently a GM employee left the company and kept his cellphone. Said employee proceeded to start up a 900 number and ran up $50,000 a month on the phone. For 18 months… Ouch!
    • Johnny L’s presentation on OpenSSO.
    • The Multi-Protocol Federated Identity Interoperability Demonstration – Sun’s Access Manager acted as an identity provider to 13 service providers. The user could log in to a portal protected by Access Manager, then access the 13 SP sites without providing further credentials, each SP recognising the user’s identity via SAML 1.0, SAML 1.1, Liberty ID-FF 1.2 or SAML 2.0. For the record, we worked with BMC, CA, DataPower, HP, IBM, Internet2, Novell, Symlabs and Trustgenix to pull this off. Kudos to all concerned, particularly Wei Sun and Emily Xu – ace developers on the Access Manager team. Emily arrived on Monday morning, set up, configured AM for the set of service providers… and that was it. Not one line of AM code changed between Monday morning and the demo event on Wednesday night.
  • Thursday
    • Ken Weiss of Charles Schwab with a compelling presentation on how Schwab have built a web services infrastructure to manage employee identity and access. Great delivery, great content.
    • Dick Hardt of Sxip’s presentation on Identity 2.0. Wow – he was paging through slides about one every two seconds, each slide containing a single graphic or a word or two. Think D. A. Pennebaker’s famous film of Dylan’s Subterranean Homesick Blues. The thrust of the presentation was that we need an Identity 2.0 to match Web 2.0, with protocols that are simple, secure and open. Dick sets a new standard for presentations at Catalyst – you’re right, Don, definitely Presentation 2.0.
    • Sun’s hospitality suite had a ‘space’ theme – Identity Mission ’05. Our event organiser, Bianca Botello, did a truly excellent job – we definitely had the suite of the show.
    • Meeting Stefan Brands, who explained his technology for user-centric identity to me, and also warned me off reading his book – “It’s very esoteric”. Too late, Stefan… I’m already on chapter 2.
    • The after-party at the W bar, and waving Dick Hardt (Sxip) and John Shewchuk (Microsoft) off in a cab at 2am, Tijuana bound (them, not us!). Rather disappointingly, I hear that they returned intact. Oh well…

So – yet another great Catalyst. If you’re working in identity management, and you can only attend one conference, make this the one.

OpenSSO is here!

I’m sitting here in the Identity & Privacy track at the Burton Catalyst conference in San Diego. Johnny L just left the stage, having announced that Sun will be open sourcing web single sign-on as OpenSSO – part of Sun’s ongoing commitment to the Participation Age.
We will be releasing source code for authentication, single-domain single sign-on, web and J2EE agents (the core of Sun’s Access Manager product) under the CDDL license. You will be able to download, build, extend and use the software without charge.
Here is the roadmap from the opensso site:

Date | Deliverable
August 2005 | High level architecture document and use cases for Open Web SSO.
October 2005 | Read-only buildable sources for Session Module, that will provide ability to implement basic Single Sign On solutions.
December 2005 | Read-only buildable sources for Authentication Module, that will provide the ability to implement a full scale single sign on solution.
February 2006 | Read-only buildable source code for Early Access that will include an implementation of Single Sign On Agents for one web and one application server.
April 2006 | Complete Open Source availability for all sources.

You can read much more at the OpenSSO page and particularly the FAQ. Google News already has the press release and an article at
So, go sign up at – the forums are open for discussion and questions. Welcome to the Participation Age!

Fixed Encoding Problems on Planet Identity

Regular readers of Planet Identity may have already noticed that I recently fixed an annoying problem with character encoding. The HTML content is UTF-8, but Apache was indicating in the HTTP header that it was ISO-8859-1. This caused non-alphanumeric characters in many posts to appear as multiple ‘garbage’ characters. Telling Apache that the encoding is UTF-8 (by setting AddDefaultCharset utf-8 in the relevant “VirtualHost” section of the Apache configuration file) fixed the problem – even Tatsuo Kudo’s posts appear correctly, in Japanese (although I have to use Google Language Tools to figure them out).
Thanks to David Edmondson (proprietor of Planet Sun) for the tip, and continued thanks to Stephen Lau for hosting Planet Identity.
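
The header/body mismatch described in this post can be checked offline. The following is an added example, not code from the original post or from Planet Identity: the function names and the sample body are constructed for illustration, and the two header values are the ones the post describes before and after the AddDefaultCharset change.

```python
import codecs
import re

def declared_charset(content_type):
    """Return the normalised charset from a Content-Type value, or None."""
    m = re.search(r'charset\s*=\s*"?([^\s;"]+)', content_type, re.I)
    if not m:
        return None
    try:
        return codecs.lookup(m.group(1)).name   # "ISO-8859-1" -> "iso8859-1"
    except LookupError:
        return None

def check_response(content_type, body):
    """Classify a response as 'ok', 'mismatch' or 'undeclared'.

    'mismatch' means the header cannot describe the bytes: the body holds
    non-ASCII UTF-8 but the header names another charset, or the header
    says UTF-8 and the bytes are not valid UTF-8. (Heuristic: a short
    ISO-8859-1 body can, rarely, also be valid UTF-8.)
    """
    charset = declared_charset(content_type)
    if charset is None:
        return "undeclared"
    if body.isascii():
        return "ok"             # pure ASCII reads the same either way
    try:
        body.decode("utf-8")
        is_utf8 = True
    except UnicodeDecodeError:
        is_utf8 = False
    return "ok" if is_utf8 == (charset == "utf-8") else "mismatch"

def as_rendered(content_type, body):
    """Decode the body the way a client trusting the header would."""
    charset = declared_charset(content_type) or "iso8859-1"
    return body.decode(charset, errors="replace")

# Constructed sample: a UTF-8 page body with accented and Japanese text.
BODY = "<p>café 工藤達雄</p>".encode("utf-8")
BEFORE = "text/html; charset=ISO-8859-1"   # header sent before the fix
AFTER = "text/html; charset=utf-8"         # header after AddDefaultCharset utf-8

if __name__ == "__main__":
    for header in (BEFORE, AFTER):
        print(header, "->", check_response(header, BODY),
              repr(as_rendered(header, BODY)))
```

Each multi-byte UTF-8 character decodes to two or three ISO-8859-1 characters, which is why one accented letter showed up as several garbage characters.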