Apr 30, 2007

PII's Journey - Chapter 1

From the “What do two identity architects chat about while waiting for the plane to board” department.

Companies large and small gather personally identifiable information all the time (never mind that they rarely really need to, other than to fulfill their ill-conceived belief it will make my experience better or their wallets thicker). The data they get (lies, generally, unless it's important business) might be sent over TLS and the like, and may be covered by one or more privacy policies conveniently referenced far-far-away from the 'Submit' button... but there is never any mention of what really happens to that data after it's collected. Follow PII on its epic journey through networks, servers and tapes in 'PII's Journey - an EPIC tale'.

It's a sad sad story....

Once upon a time, somewhere in one of the happier nooks of the internet, there was a little bit of data, named PII, just leaving its owner's computer, destined for important tasks at www.example.com. It was carefully sent, nice and snug under the covers of its good friend TLS, and informed by some pleasing P3P policies, whereby it was assured no harm would befall it upon arrival at its destination.

Feeling emboldened by anticipated loving care, it sped into the warm embrace of www.example.com's host, which was clearly identified by the DNS and the subject of a certificate upon which its TLS road was paved (where said corroboration was of course carried out with the greatest of care).

Little PII, arriving in its new home, is passed most respectfully to WWW's close friend and helper, apps.example.com, who generally assists in matters more complex than simple HTTP. PII looks backward, somewhat forlornly, at its companions and confidants P3P and TLS, who accompanied him at the beginning of his epic quest to conduct some important business.

PII arrives at apps (well it thinks that's her name, anyway), and is quickly swished through memory and swapped about a bit in apps' file system, while apps performs what PII is certain is most difficult and arduous work. Variables and arrays and other structures serve as short stopping places. PII sees all sorts of other, unfamiliar and unrelated data too. Some seemed to be in classes, and PII wondered what instruction they were getting, and if they too were there for the same purpose.

PII doesn't mind so much the jostling and bumping about, knowing that its mission is vital. At last, after what seemed like thousands of milliseconds, it is instructed to rest, with some other PII, at database.example.com... well, apps told PII that was his name... he arrived at a somewhat anonymous-looking dotted quad. Poor PII, not knowing what to do, and wishing to go home after recent mishandling, finds a row to rest in, and closes its weary eyes.

PII dreams of the good times it spent with TLS and P3P, all the frolicking about, obediently following the directions of BGP and IP. It fondly remembers the comforting covenants of Jurisdiction and Purpose... of Recipient and Remedy. As the dream grows somewhat dark in nature, a shadow of database is seen in the distance, and PII sees itself moving slowly towards it, completely detached from Purpose and Reason, and with no special protections for its journey. After fading into the distant ether, PII can no longer see itself, and hopes its copy can remember all the promises made when it first began its epic voyage.

Stay tuned, for the continuing (mis)adventures of PII...

Apr 29, 2007

Bewitched flatware

George reported last week the magnetic qualities of his flatware. And were it not for the photograph, none of us would have believed him.

I can now report a second sighting of the unusual phenomenon. I, unfortunately, did not have the camera handy, as I was held captive by the tray table, and the flight attendant (4/28 UA951 crew .. if you're out there, wonderful job, by the way) whisked away the knife before I could capture the event in silicon (does anyone capture events on 'film' anymore?).

The flatware must have been stored outside the airplane during departure, as its surface temperature was low enough to bond skin to metal.

Discussions ensued in Brussels, at the IOS conference, as to the cause of the magnetic charge, but no consensus could be reached. But it is strangely coincident with the re-emergence of metal knives on flights.


Apr 27, 2007

Trusting SIP

My good friend and colleague with others have for over a year now been working on a trait-based authorization specification for SIP known to some as 'SIP-SAML'. This fulfills the requirements outlined in “Trait-based Authorization Requirements for the Session Initiation Protocol (SIP)”, which specifies bindings and profiles for attribute statements (and assertions) from SAML artifacts. This then informs SIP intermediaries with the necessary material to make policy decisions about handling SIP signals (and the subsequent messages), among other use cases.

I've recently discovered that some have considered applying OpenID in a (slightly) similar manner for SIP, mentioned here.

As the above reference articulates, improvements are required to the base OpenID architecture to accomplish this. Perhaps a token transformation via Liberty Alliance Authentication Service (pdf) accomplishes this objective.


Apr 26, 2007

The swiss beverage empire

I'm here in Brussels for the Liberty Alliance Members meeting and Identity OpenSpace event, and they have been making certain we maintain our appetites by supplying cannabis in liquid form.

These need to be in the states. Both are quite good. It's a shame that the notion of a cannabis-based beverage would never fly in the US.
I think I need a snack now.

(Finally found the vendor's website)