Monday Dec 17, 2007

Slides from JavaPolis 2007

OK - one more post in this jetlag-fuelled blogging frenzy...

Here are the slides from my JavaPolis 2007 sessions:

Many thanks to the JavaPolis organizers, in particular Frank Cornelis, for inviting me to speak and making me so welcome at JavaPolis. It was a pleasure and a privilege.

Housekeeping Planet Identity

It's time to do a little housekeeping over at Planet Identity. First, the easy stuff... The feeds for Dmitry Shechtman (feed) and Trusted Network Technologies (feed) have been returning 404 since I-don't-know-when, so I've deleted them from the subscription list. If you know the current whereabouts of Dmitry's or TNT's blogs, then please leave a comment, or email me (if you're reading this in your RSS reader, then just click through to Planet Identity or Superpatterns - my email address is in the sidebar on both.)

Now, the hard stuff. Shelley Powers (feed) and Doc Searls (feed) both write entertaining, lucid, insightful prose, but most of it is not about identity. I've resisted removing folks from the subscription list for some time, but I had some really good feedback at the recent IIW on the usefulness of Planet Identity and how it would benefit from more focus. So, if you want to carry on reading Shelley and Doc, do what I just did - subscribe to them directly - those feed URLs again - Shelley, Doc.

Much as I enjoy playing (more or less) benevolent dictator (mwa-ha-ha-ha-ha!!!), Planet Identity is there for you, the readers. If you have an opinion, either way, on any of these changes, then please leave me a comment. If you'd rather express your opinion to me privately, then, again, my email address is on the sidebar at both Planet Identity and Superpatterns.

With that, I'll bid you a good day and leave you to the ever-widening river of news...

Friday Nov 09, 2007

Slides from Liberty Tokyo and TriLUG

I've been back from Tokyo for a couple of weeks now and just realized that I haven't posted slides from my presentation on OpenSSO, so here they are [PDF]. Many thanks to the Liberty Alliance Japan SIG for organizing this day - about 220 attendees heard the latest Liberty Alliance news, many of them stopping by my booth afterwards to see OpenSSO in action. Special shouts to Takashi and Tatsuo for making me so welcome in Tokyo, as always. Via Tatsuo, here are some pics from our excursion on the last night there - I'm the balding caucasian guy in the blue t-shirt

Moving on... the preso at TriLUG last night - 'Digital Identity from LDAP to SAML and Beyond' - went well - about 60 or so very technical attendees. When I asked how many people in the audience did NOT understand sequence diagrams, only a couple of hands went up, and I breathed a sigh of relief as I explained the basics.

A BIG thankyou to Andy Oliver and the rest of TriLUG for the invitation to speak - it's a pleasure to talk to a well-informed, interested audience who are there by choice, not because it's their job . As promised, here are the slides [PDF]. There should be some video at some point too; I'll update this blog entry when it appears.

UPDATE - ogg and mp3 audio available. Listen to my voice gradually die due to the cold I'm suffering.

UPDATE 2 - thanks to Rich for the photo, and for providing accommodation at Pixelfodder Towers for the whole Patterson clan

UPDATE 3 - thanks to Takayuki for the photos from the Liberty Tokyo event. Here's a nice one of Tatsuo and me.

So - where next? IIW2007b in Mountain View, December 3-5, then Javapolis, in Antwerp, December 10-14. That'll be about it for 2007. Hopefully.

Monday Nov 05, 2007

Internet Identity Workshop 2007b

IIW2007 Registration banner

As if I didn't have enough on my plate for the next few weeks, I'll be schlepping up 101 to the Computer History Museum in Mountain View from December 3rd-5th for Internet Identity Workshop 2007b.

I'll be catching up with old friends, hoping to hear more about OAuth and OpenSocial, and maybe even contributing to the untalent show on the Tuesday night. See you there!

Wednesday Oct 10, 2007

Open Provisioning Toolkit Launched - OpenPTK

I'm supposed to be packing for a trip right now, rather than blogging, so I can't write much, but Terry, Scott (dude - you need to put your blogging hat back on) and Derrick would never forgive me if I missed this. Suffice to say - OpenPTK is very cool, and you can find out much more about it in the following blog posts:

Saturday Jul 28, 2007

Planet Identity Updates

It finally happened - I got a round tuit. The tuit in question was updating Planet Identity to a more recent version of the Planet software - specifically, Sam Ruby's Venus. There will be a bit of short term disruption as things settle down (I had to clear the feed cache), but the upside is that Atom feeds are now properly supported - no more <s and >s in the feed. Hopefully

Tuesday Jun 26, 2007

Concordia Workshop June 26 2007

Well, I was going to type up my notes from the Project Concordia workshop yesterday, but it looks like the two Marks (Dixon and Wahl) comprehensively beat me to the punch. Much good stuff, particularly the GSA eAuthentication presentation, which detailed the issues involved in rolling out federation across the Federal Government. It was also refreshing to see folks from Microsoft and the OpenID and Liberty Alliance communities engaging most constructively. Seems like Concordia was appropriately named.

Sunday Jun 24, 2007

It's only a flesh wound!

The Burton Group's Catalyst conference is always great value - insightful analysis from the Burton crew, customer case studies and last, but certainly not least, vendor hospitality suites. Our superstar marketeer Bianca Botello always does a fantastic job on Sun's suite - last year's theme was a superhero-filled Identity City; 2005 saw an Identity Mission into space. This year it's 'Monty Python and the Holy Grail' - complete with our CEO, president and star blogger 'King' Jonathan Schwartz. Come and quaff ale at Sun's hospitality suite in the Hilton San Francisco's California Room on Thursday, June 28 from 6 to 9:30pm.

Sign up for a hospitality suite badge with promo code: hsgsun.

While we're on the Holy Grail theme... It's a little known fact that my older brother, George Patterson, was an extra in Monty Python and the Holy Grail. A couple of years ago I bought the DVD and captured the relevant screens. Here's George dancing in the wedding scene (he's the tall guy with red hair), about to be slaughtered by John Cleese:

And a very cool close-up, post-slaughter:

A more recent pic:

As far as I know, George has had zero presence on the web. Until today

Friday Jun 22, 2007

Web 2.0 Meets Directory

Friday lunchtime is my slot for catching up with podcasts. Today I listened to Trey, Don and Brandon discussing the OpenDS project and its Atom/LDAP offshoot - 'Web 2.0 Meets Directory'. Good stuff and quite funny as they rib Trey a little over James Governor's assessment of the Atom/LDAP mashup as "the coolest work at Sun Microsystems right now". Of course, I would submit that OpenDS and Atom/LDAP are actually just a little way off being the coolest project at Sun. But then, I would, wouldn't I?

Monday Jun 18, 2007

Sun Shines on Open ID

I just listened to my good friends Don Bowen and Eve Maler discussing Sun's OpenID deployment with Brandon Whichard- the latest in Sun's Identity Management Buzz podcast series.

Worth the listen - Eve goes into some detail on the lessons that Sun has already learnt from - and there are some insights into Eve, Don and Brandon's music buying habits. Show tunes, Don? Listen Now or Subscribe via iTunes.

Monday May 07, 2007

Identity and Web Services: A Marriage Made in Heaven?

Don Bowen, Wizard of IdM

Although I don't have a technical session this year, I will be up at JavaOne tomorrow, presenting "Identity and Web Services: A Marriage Made in Heaven?" with my good friend, the Wizard of IdM, Don Bowen, at 1:05pm in the Pavilion Theater. We'll spend about 20 minutes exploring the different ways that identity and web services impact each other. If you've heard Don on the Sun IdM podcasts, you know this'll be fun

UPDATE - here are the slides [PDF].

Tuesday Mar 06, 2007

OpenID on OpenSSO

Paul Bryan, one of our 'external' OpenSSO committers, has been hard at work implementing an OpenID identity provider for OpenSSO. You can take a look at his work so far at - by the time you read this, there might even be some test accounts available there to play with. I spent a happy half hour last night logging into Jyte, FirstSSO, OpenID Wiki and more.

Watch for the source appearing at OpenSSO any day now...

Thursday Mar 01, 2007

Identity Management Buzz

The fabulous Bianca Botello (our Marketing Programs Manager for identity management - if you've marvelled at Sun's hospitality suites at the Burton Catalyst conference then you've seen Bianca's work) is now blogging at Identity Management Buzz. Get all the latest news on Sun's identity management user group meetings, our latest identity management podcast and even Rainn Wilson ('The Office's Dwight Schrute) hosting Saturday Night Live.

(In case you're wondering about the bag image - Bianca is a huge LV fan )

Monday Jan 15, 2007

InfoCard and Minimal Disclosure

[I would have left this as a comment on Kim's blog, but I don't have an InfoCard handy and I can't figure out how to register there for a good old username and password...]

Kim Cameron replies to a question from Eric Schultz with a description of how InfoCard (or is it CardSpace?) handles minimal disclosure, allowing the relying party to request only the information it needs. In Kim's example, the relying party requests four claims regarding the user via an OBJECT tag:

Then, according to Kim,

If, next time, the relying party doesn’t want to receive these claims, it just doesn’t ask for them. If it has stored them, it should be able to retrieve them when necessary by using ”privatepersonalidentifier” as a handle. This identifier is just a random pairwise number meaningless to any other site, and so there is no identity risk in using it.

But, but, but... how does the relying party know not to ask for givenname, surname and emailaddress the second (and subsequent) time round? It doesn't know that it's already collected those claims for that user, since it doesn't know who the user is yet...

If only there were some specification [PDF] (perhaps part of some sort of framework) that, given a token from an authentication, allowed you to get the data you needed, subject, of course, to the user's permission [another PDF]. Smile!

Tuesday Dec 05, 2006

YADIS/XRI Identifier Resolution with SAML 2.0

This week at Internet Identity Workshop 2006b I've been demonstrating some work I've been doing to combine YADIS/XRI Identifier Resolution (as in OpenID) with SAML 2.0 Web Browser SSO Profile. The user experience is:

  1. I go to a service provider (relying party)
  2. I enter my identifier (URL or i-name)
  3. I authenticate at my identity provider
  4. I can access services at the service provider

The magic takes place between steps 2 and 3: the service provider resolves the user's identifier, which might be a URL or an i-name, to the location of a SAML 2.0 identity provider. The service provider can now do vanilla SAML 2.0 with the identity provider. The easiest way to see what's going on is via a demo, so, here you go:

Click to view Flash presentation

By the way - the service provider is implemented on top of Project Lightbulb. I need to do some tidying first, but I'll put the YADIS/XRI code there soon.

UPDATE - coverage of this demo at IIW2006b:




« August 2016