November 24, 2009

Intrigued by Posterous

Filed under: Admin — Dr. Ernie @ 2:26 pm

http://drernie.posterous.com/

Yes, I know I’m late to the party. But, now that they have Twitter and LinkedIn support, I figured I should take the plunge. This may be particularly useful for increasing the number of updates on http://ihack.us/. If so, I guess you’ll see about it here.

November 10, 2009

Active Identity Clients (AICs) for OpenID

Filed under: Identity — Dr. Ernie @ 5:18 pm
Tags: identity, javascript, openid

“Enough is enough! I have had it with these #@%!*$ AICs and their #@%!*$ panes” — Samuel H.S. “Hammer Stack” Jackson (with apologies to Neville Flynn)

Introduction

The OpenID community is still wrestling with how to deliver a first-time login experience that is acceptable to mainstream users. Research indicates we need something less open-ended than typing into a blank URL field, but neither is it desirable to push users to choose from a few (or worse, many) pre-selected identity provider logos.

One approach for solving this problem is called (for lack of a better term) the Active Identity Client, or AIC (similar to what I previously called a Chamberlain). An AIC boostraps the identity selection process at a new website (aka Relying Party, or RP) by storing some amount of identity information on the user’s home computer. The AIC uses that identity to access a persistent record of the user’s interaction with multiple sites and identity providers (IdPs) to negotiate and streamline future such interactions. This (in theory) allows the user, rather than the RP, to prioritize which providers to use.

A number of such AICs were demonstrated at last week’s Internet Identity Workshop. Rather than attempting to standardize on a single AIC, a group of us discussed developing a common infrastructure that might enable a broad spectrum of AICs to innovate and compete. Specifically, we attempted to identity conventions, best practices, and extensions to existing standards that would support both “native” and “in-browser” AICs.

This article is my idiosyncratic attempt to synthesize what we discussed into a coherent vision for Active Identity Clients. It may not fully reflect the opinions of any given participant, and certainly does not represent the views of our respective employers. Rather, it is a subjective snapshot of a still-evolving problem space, and is intended to provide a concrete starting point for further discussion, critique, and clarification. (more…)

November 2, 2009

Chamberlain: A User-Serving Model for Identity Management

Filed under: Identity — Dr. Ernie @ 4:45 pm

[Disclaimer: The following is a hypothesis I am exploring for the Nov 2009 Internet Identity Workshop. It may not even reflect my current thinking, and certainly doesn't represent any sort of official position of my employer.]

Chamberlain: A User-Serving Model for Identity Management

Introduction

Most proposals for open identity management on the Internet use the wallet metaphor, where the user is expected to choose from amongst a variety of disjoint identities when accessing a given website. This either requires typing in a complex unique identifier (e.g., a URL) or selecting from one of several provider logos (aka the NASCAR Problem). Worse, this entire ecosystem typically exists in parallel with traditional username/password authentication, increasing the complexity of the choices users are expected to make.

I believe that the best way to solve these problems is to move to an entirely different metaphor. Rather than thinking of identity as something manually managed by the user (like cards in a wallet), I believe the vast majority of users want identity to be something that is managed *for* them — the way a chamberlain in a palace might keep keys to all the rooms, and control who was allowed to go where in accordance with royal policy.

From this perspective, the real challenge is understanding what kind of experience users want when using an identity system, and then building an architecture optimized for enabling that kind of experience. This “chamberlain” approach leads to very different questions and outcomes than the traditional model. Designing such a system will require making hard choices about what sort of security non-technical users truly need and want, as well as about the metadata necessary to support those choices. Moreoever, implementations would require significant client-side support, and create different winners and losers than existing systems — both of which could hinder broad adoption.

That said, the potential payoff is an architecture that would work reasonably well with the web as it is today, and scale cleanly to support more elegant mechanisms in the future. While my initial proposal below is unlikely to achieve all those goals, hopefully it will at least provoke others to come up with something even better.
(more…)

Comments (1)

October 28, 2009

The Gospel in Calculus, on WordPress LaTeX

Filed under: Fun and Games — Dr. Ernie @ 9:28 pm

GOOD NEWS for Modern Nerds

See more details at Radically Happy, and T-shirts at CafePress

There is one God over all the universe, from everlasting to everlasting. Deuteronomy 6:4
$\int_{-\infty}^{+\infty}\!\! \int_{-\infty}^{+\infty}\!\!\int_{-\infty}^{+\infty}\!\! \int_{-\infty}^{+\infty}\!\! {\cal GOD}\,dx\,dy\,dz\,dt \equiv 1$
He is independent of space and time. Malachi 3:6
$\frac{\partial{\cal GOD}}{\partial t} = \vec{\nabla}\!{\cal GOD} \equiv 0$
For all men are sinners, and fall short of God. Romans 3:23
$\forall {\mathit \{men\} } \subset {\mathit \{sinners\} } \ll {\cal GOD}$
Christ is the Lamb’ de God. John 1:29
${\bf Christ} = \lambda({\cal GOD})$
The Cross of Jesus is victory over death. Colossians 2:14
$\vec{\mathit Jesus} \times \vec{\mathit Jesus} = \frac{\bf victory}{\bf death}$
Christ transforms us; the life we live, we no longer live for ourselves, but for Christ. II Corinthians 5:15
${\widehat{L{\imath}fe}(\dagger)} \equiv \frac{1}{\sqrt{2\pi}} \int_{-\infty}^{+\infty}\!{\mathit life(I)}\,e^{-iI\dagger}\,d(I)$
Love is what differentiates Christians from the world. John 13:35
${\bf love} = \frac{d\,{\mathit Christians}}{d\, {\mathit world}}$
With respect to Christ, there is no differentiation; neither Jew nor Greek, circumcision nor uncircumcision, Scythian, barbarian, slave nor free. Colossians 3:11
$\left\{ \begin{array}{c} \frac{\partial{\mathit Jew}}{\partial {\mathit Christ}} + \frac{\partial{\mathit Greek}}{\partial {\mathit Christ}} \\[1ex] \frac{\pm\partial{\mathit circumcision}}{\partial {\mathit Christ}} \\[1ex] \frac{\partial{\mathit Scythian}}{\partial {\mathit Christ}} + \frac{\partial{\mathit Barbarian}}{\partial {\mathit Christ}} \\[1ex] \frac{\partial{\mathit slave}}{\partial {\mathit Christ}} + \frac{\partial{\mathit free}}{\partial {\mathit Christ}} \end{array} \right\} = 0$
Sanctification is integrating faith into life over time. James 2:22
${\bf Sanctification} = \int^{t}\!{\mathit faith}\,d({\mathit life})$
Radical love. The Song of Solomon
$\sqrt{\bf love}$