Implications of OpenID - Google Tech Talk
July 10, 2007
The embedded video comes from a Google Tech Talk given by Simon Willison.
From the abstract:
Simon Willison: OpenID is an emerging standard that provides simple, decentralised authentication for the Web. OpenID follows the Unix philosophy, solving one small problem rather than attempting to tackle the many larger challenges posed by online identity. This talk will explore the implications of OpenID, and explore the best practices required to take advantage of this new technology while avoiding the potential pitfalls.
Tags: authentication, decentralized, google, google tech talks, identity, identity management, open id, openid, password, passwords, simon willison, standard, unix, willison
US Federal E-Authentication and Higher Education
March 28, 2007
The United States federal government has been working on an E-Authentication project actively since 2003 in response to the E-Government Act of 2002. Movement has been slow, but there are many federal agencies now leveraging this infrastructure in a federated manner. For more details about the initiative, there is the publicly available Burton Group Report on the Federal E-Authentication Initiative. For an updated view see the GCN article, E-Authentication maps out its future.
Since then, there has been work to bridge both Liberty Alliance and Shibboleth-based federations with the e-Government services. Involvement also extends to the Post Secondary Electronic Standards Council (PESC), which is working with all these organizations to ensure higher education is appropriately represented. Certainly NSF Fastlane and Federal Student Aid (FAFSA) seem like the most obvious first candidates to work with higher education institutions.
With all the activity surrounding the federal government deploying these services in a federated method, institutions should definitely be getting their internal infrastructure in place to support and interoperate with one of the major federations (InCommon, eGovernment, etc).
Tags: "liberty alliance", act, authentication, burton group, e-authentication, eauth, eauthentication, egovernment, fafsa, fastlane, federal, federated, federation, financial aid, gcn, government, higher education, identity, identity management, idm, incommon, initiative, liberty, pesc, pki, shibboleth
CAS Frappr Map
January 16, 2007 | 1 Comment
CAS is by far my favorite Web ISO solution. In the past I have posted about its popularity at other institutions.
Along those lines is this cool Frappr map of CAS deployments worldwide.
Tags: authentication, cas, frappr, frappr map, google maps, identity management, maps, sso, web iso, web sso, webiso, websso, yale cas, yalecas
2006 in Review: Personal Top 10
December 31, 2006
In general I don’t directly blog much about my personal life. However, I think it is nice to look back at the year and remember the big things that happened. With that in mind, here is my top 10 list of most significant personal events and whatnot from 2006.
10 - Had a new roof put on our house
We hired Black Ox Roofing to put a standing seam metal roof on our house. They did a fantastic job and I will be much more comfortable this winter knowing we should be free from leaks.
9 - Upgraded our living room
I’m starting small here, but I do spend a lot of time each day in my living room. Early in the year my mother repainted our living room as a favor during her February school break. This led us to rearrange the furniture in a way that greatly enhances flow and conversation. Later we bought a new Samsung 42″ DLP projection TV and a couch, chair, and ottoman set. We also rewired the connectivity between my Mac and the TV so no more wires run across the floor. As a whole all these changes have created a much more habitable and comfortable living room experience. Most of this work was done in preparation for our new baby and the extended time we would be spending hanging around in the living room.
8 - Attended and presented at SunGard HE Northeast Conference in Lake George, NY
I presented on three topics at SunGardHE’s brand new northeast regional conference. The topics were: Collecting Luminis Statistics, Extending SSO - CAS in Luminis, and Implement and Deploy Banner Channels. It is always fun to present and I had great attendance at my various sessions. In addition, the sections I attended were informative and generally well presented. This conference should be great for SunGard HE clients.
7 - Attended CAMP Shibboleth in Burlington, VT
Educause puts on a pretty good show and I certainly learned a great deal from this one. Shibboleth and identity management as a whole are important topics for me. I hope to be able to leverage much of what I learned from this conference to get centralized authorization and federated single sign-on in place at Plymouth State University.
6 - Was introduced to JQuery
After attending the Ajax Experience, Matt introduced me to JQuery. This is the ideal JavaScript toolkit for how I like code to be structured. This new technology in my toolkit is already greatly affecting what I am capable of creating and maintaining. As I become more proficient, I expect my love of JQuery to grow even further.
5 - Blog became trafficked and profitable
I now have over 400 posts and my daily numbers according to Bsuite dance around the 20k mark. I am getting a fair number of comments. In general, this blog has become a highly satisfying piece of my life. In addition I am making a reasonable amount of money doing it, allowing me to fund other entertainment like comics, movies, and video games.
4 - Attended and presented at SunGard HE Summit in Orlando, FL
See my previous post for all the details.
3 - Cruised the Caribbean with my wife and my family
In the spring my parents, my brother and his wife, my aunt and uncle, and my wife and I travelled together to the Caribbean on a cruise. We visited Puerto Rico, Saint Thomas, Dominica, Barbados, and Aruba. I could not have asked for a more entertaining group of people to travel with. The things we saw and experiences we had will forever remain significant in my life.
2 - Found out we were having a baby
Early this year we learned my wife was pregnant and we were having our first baby. This is an amazingly significant milestone in our lives. My wife’s pregnancy went very well, and you can read her week by week experiences on her blog, Being Sara.
1 - Xander was born
At 6:39 pm on Wednesday September 20th my first born son arrived, Alexander “Xander” Grady Tirrell. He weighed 8 lbs 2 oz and was 20.5″ long. After a long labor he was finally born cesarean. He is happy and healthy. As part of his coming into the world, I have not been at work much. I took 6 weeks when he was born followed by a longer leave from November 17th through January 2nd. I have been fortunate to spend a great deal of time with the little guy now when it is so important.
So that’s it. There is my year in top 10 summary style. It’s been exceptional.
Tags: baby, being sara, caribbean, identity management, javascript, jquery, shibboleth, summit
CAMP Shibboleth - Wrap Up
June 29, 2006 | 1 Comment
The following is a wrap-up of what I saw, heard, and hopefully learned from CAMP Shibboleth in Burlington, VT. As always with conferences and workshops, conversations with others and listening to questions asked are usually the most insightful and valuable moments. Much of this may seem scattered in thought, but I need to document these things somewhere…
1) Plymouth State is looking at Shibboleth as a way to accomplish centralized authZ. SunGard sold me on this idea months ago when I could only see Shibb as a federated WebISO solution. I was surprised to see that they are clearly marketing this use case as step two in your implementation plan. Number one is of course to get WebSSO implemented. Both of these are suggested before attacking the politics and policy of extending beyond institutional boundaries. It is clear that this is a smaller-step-based method that has stages of success. I like this a lot.
2) Shibboleth does attribute release or attribute assertions, not authZ. This seemed like semantics initially, but then I realized from responses to questions that this is an important distinction. Shibboleth could assert in some instances a common name attribute. This has no place in being used for authorization of any sort, but still may be useful, especially with intra-institutional home grown applications. An extremely valuable distinction to understand.
3) I learned that our current implementation methodology of CAS is not ideal. As we rely on an API based mechanism, the authN is coded into our system to rely on CAS. This does not make it as easy to change authN providers or WebSSO solutions as if we used a technology like mod_cas. This explanation from Scott Cantor was illuminating as it gave me a much clearer understanding of how the Shibboleth SP was intended to work when we begin Shibbolizing internal applications.
4) There is an increasing number of federated services becoming available through third parties that interoperate with Shibboleth. None of these constitutes “the killer app” for Plymouth State University, yet. Of particular note, international federations seem to be moving and forming much quicker than ones in the US. In Europe, a fair number of library related companies appear on their prioritized vendor list including some Plymouth State licenses: EBSCO, JSTOR, and ExLibris.
5) Shibboleth 1.3 can interoperate with federal E-Authentication with a “simple plugin”. This may evolve into our killer application as the Department of Education brings student oriented services online. Currently there are schools using this method to connect to NSF grant applications and the like.
6) The “Where Are You From” (WAYF) concept and implementation has problems. They are even referring to it as “the weakest link.” I’ve had concerns about this, so am happy this is getting attention. In our initial implementation, I believe the simplicity of our environment should allow us to bypass the WAYF. Hopefully WAYF issues will be resolved by the time we start playing in the federated space.
7) When it comes to identity, SunGard’s Luminis causes nearly as many problems as it solves. Others seem to be struggling with this. I’m left wondering if SunGard’s research into the identity management space will eventually lead to some better redesign around this issue.
8) This group has awareness and respect for OpenID. Glad to see this on their radar. When am I getting around to using it?
9) We (Bill Baber, Petr Brym, Ted Wisniewski and myself) met with a representative from the consulting firm Aegis USA. They seem very tuned into what is going on in this space. They also seem to have solid experience working with the Sun Identity Suite which I assume will be a large contender as we work to improve our identity management infrastructure. USNH will be considering them as a potential consultant as we look into identity management system wide.
10) Finally some terminology:
IdP - Identity Provider - the core Shibb service that knows who a user is and has access to some attributes it can assert about them.
SP - Service Provider - This is the end service that will consume Shibb asserted attributes. These are the applications we would refer to as “Shibbolized”
ARP - Attribute Release Policy - fairly complicated policies about what attributes are released for what services, and potentially on a per user basis. These are configured through XML.
WebSSO - this is a rebranding of WebISO. Not sure why, but I like it.
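The split described in item 2 and in the terminology above, as an added example that is not from the original post or from the Shibboleth project: a simplified Python model in which the IdP only filters attributes through a per-SP release policy, and the SP makes the authorization decision on what it receives. The policy layout, SP identifiers, user record and function names are assumptions made for illustration; real ARPs are XML.

```python
# Simplified model (assumption): real Shibboleth ARPs are XML files; this
# dict only mirrors the idea of "which attributes may go to which SP".
DIRECTORY = {  # constructed sample user record held by the IdP
    "jdoe": {
        "cn": "Jane Doe",
        "mail": "jdoe@example.edu",
        "eduPersonAffiliation": ["staff", "member"],
        "eduPersonEntitlement": ["urn:example:library:ejournals"],
    }
}

ARP = {  # constructed release policy: SP id -> attributes it may receive
    "https://library.example.org/sp": {"eduPersonAffiliation",
                                       "eduPersonEntitlement"},
    "https://intranet.example.edu/sp": {"cn", "mail"},
}


def idp_release(user, sp_id):
    """IdP side: assert only the attributes the ARP allows for this SP.

    An SP with no policy entry receives nothing (default deny).
    """
    allowed = ARP.get(sp_id, set())
    record = DIRECTORY.get(user, {})
    return {name: value for name, value in record.items() if name in allowed}


def sp_authorize(attributes, required_entitlement):
    """SP side: the authZ decision is made here, on an entitlement value.

    A display attribute such as cn is never consulted for access control.
    """
    return required_entitlement in attributes.get("eduPersonEntitlement", [])


def sp_greeting(attributes):
    """A released cn is still useful for personalization, not for access."""
    return "Welcome, " + attributes.get("cn", "guest")


if __name__ == "__main__":
    released = idp_release("jdoe", "https://library.example.org/sp")
    print(sorted(released), sp_authorize(released, "urn:example:library:ejournals"))
```
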
Tags: aegis, aegis usa, arp, attribute release, camp, camp_062, eauthentication, educause, federation, identity management, idp, internet2, luminis, nmi-edit, openid, scott cantor, shibb, shibboleth, single sign on, sp, Sun Identity Suite, sungard, wayf, webiso, websso, xml
Cops Need My SSN Why?
June 26, 2006

I was recently awoken in the middle of the night to a huge crash. A drunken guy had driven full speed into a group of trees across the street from my house. I was the first on the scene, the first to interact with the driver. When it came time for me to give a report to the police, there was a short form for me to fill out.
On the form was a field for SSN. I opted to leave this blank. When I gave the completed form to the officer, he gave me trouble about omitting the SSN. I offered to provide my driver’s license number, but refused to give my SSN.
When he pressured me further, I told him he had no legal right to require my SSN in this situation. He pleaded further getting increasingly annoyed with me. Luckily I was within my house, within my rights and confident with both. He eventually left, I maintained the security of this piece of information.
How many others would have? How often do these gestapo techniques work on the uninformed public? I fear they get most SSNs, store them insecurely, and never think much about it.
We need more education in the general public about privacy and identity theft. If Bush can use fear tactics to steal our personal freedoms and privacy, can’t we fear the public into standing up and protecting these things?
Tags: accident, cop, cops, identity, identity management, police, ssn
Great New Emerging Blogs
May 24, 2006 | 23 Comments
Over the last few months a few friends and colleagues have started their own blogs. Since then each has put out some fantastic articles and I wanted to take an opportunity to summarize why these are great blogs and highlight my favorite three stories from each.
Ken’s TEK
Ken is my manager at Plymouth State University. His history of forward thinking in the higher education technology space has continued to keep PSU out in front of the University System of NH’s other schools as well as many other higher education institutions. Trust me, I’m not just saying this because he’s my boss, when Ken finally gets a full handle on blogging, we’ll look back on his stories as clear indicators on what is what with higher education technology.
Pomp, Circumstance and Gonfalons
In response to a perceived lack of grandeur during the 2004 Plymouth graduation Ken suggested addition of gonfalons which went over amazingly in 2005. They were again used successfully in 2006. He explains the significance of gonfalons in this article.
Google Trends - Veeerrrryyy Interesting
A great use case for another one of Google’s sweet tools.
SunGardHE Summit Snap Shots
Images from our hugely successful trip to Summit 2006.
Ken has a pile of other great articles on identity management, business intelligence, vodcasts, online education, and more.
Changing gears, this is Randy’s second run at OS. His first incarnation was pretty cool, but this new one blows that old one away. I just hope if this one goes away, all the content doesn’t go with it… again… Randy is a DC comic book loving geek through and through. Me being a Marvel guy, this gives me some great insight on how the lesser half of the comic world thinks.
Seremuppety
An amazingly hilarious parody of Joss Whedon’s Firefly/Serenity done with muppets.
Important Survival Information!
One of the …
Superman: A true Hero will fly again! and Superman’s New Look
Randy is far more excited about the new Superman movie than I am. I appreciate his level of enthusiasm, it is what has kept me paying attention to this movie.
Why is there nothing about Infinite Crisis on his blog yet?
Watersedge
Dan Bramer is the newest in this crowd, but shows great potential. Dan grasps new ideas quickly and is able to convert them into entertaining and insightful ways. Currently there is a lot of WebCT info that is finally being documented. I can’t wait to see what he does when he’s tasked with supporting Luminis and Oracle HTMLdb ongoing.
Tracking Flights in 3D with Google Earth
How flippin’ sweet is this?!? Google Earth is such an awesome application. I love when people take advantage of this application as a platform for additional functionality.
WebCT: The 6 day work week
Here’s Dan flexing his capable WebCT muscles. An insightful extract of previously unmined data.
Dan-a-thon: Disclaimer
An amusing defensive stance after being a key component of one of the most fun trips I’ve ever been on in my life. Dan drove our group through Disney at a break-neck pace, allowing us to see more than we would have expected on such a short trip.
I have to throw an honorable mention to his first story though, Ode to the ‘Construction Guy’, go read this it’s funny as hell.
So, that’s my summary. Check these blogs out and I hope you enjoy them half as much as I do. As for you three, if you’re reading this, keep up the good work.
Tags: blogging, blogs, business intelligence, comic books, comics, daniel bramer, firefly, gonfalon, gonfalons, Google Earth, higher education, identity management, jpss whedon, ken kochien, ken's tek, online education, optimal stupidity, randy szabadics, seremuppety, serenity, summit, sungard, sungardhe, superman, vodcasts, watersedge, webct





