Planet Identity
May 12, 2008
There is much more to cost equation than the up-front price you pay. Microsoft has done an outstanding job of hiding the true costs of its software from consumers. Linux eliminates these hidden costs from Windows:
Linux empowers you to run your business on low-cost computers that are deemed worthless within the distorted perspective of "Windows world." I'm writing this article, for example, on a Pentium III. It runs Ubuntu just fine, and it runs Puppy Linux fast as a scalded greyhound.
Original article
Gartnerのレポート:"Open Source at Sun Microsystems, 2008"
[Summary] Gartner reported Sun's open source strategy. Visit here.
(Translate to English)
Gartner から"Open Source at Sun Microsystems, 2008"なる興味深いレポートがWebにあがっています。 以下、気になる箇所について引用と共に。
まずは現状について:
No other major IT platform vendor has committed so much of its core
assets to the open-source software model as Sun Microsystems.
Certainly, companies such as IBM, Oracle and BEA Systems have
dramatically expanded their own open-source strategies in recent years,
but only Sun has literally open-sourced nearly the entire family of
products — that is, its intellectual property (IP) — from its operating
system to Java.
(超荒訳)
Sunほどコアの資産をオープンソース・ソフトウェア・モデルにコミットしているメジャーなITプラットフォームベンダーはいない。たぶん、IBM, Oracle, BEA Systemsといったところは、数年のうちに劇的に自身のオープンソース戦略を広めていくであろう。しかしSunだけが実際にプロダクト群の殆ど全てを(既に)オープンソース化してしまった------知的財産である、オペレーティング・システムからJavaまで
将来どうなるか、というと:
Of all the major
platform vendors (IBM, Microsoft, Oracle, HP and so on), Sun is
best-positioned to drive the integrated open-source "stack" into the
mainstream. Its success and challenges will provide the reference
points by which other vendors will measure their own commitments in
coming years.
(超荒訳)
IBM, Microsoft, Oracle, HPなどメジャーなプラットフォーム・ベンダー全ての中で、Sunは統合されたオープンソース”スタック”をメインストリームへと推進する”ベスト・ポジション”にいる。 Sunの成功と挑戦は他のベンダーが数年内に自らがコミットする範囲のリファレンス・ポイントとなるだろう。
最後にユーザへの”お薦め”として
- Understand that investments in Sun products and services will
include a commitment to a wide range of open-source technologies as
well.
- Carefully monitor Sun's investments and initiatives in open source to collect insights into its future directions.
- Monitor Sun's momentum as it endeavors to establish a success story
around the synergy of open source and its commercial software and
hardware efforts.
(超荒訳) - Sunの製品とサービスが広範囲にわたるオープンソース技術へのコミットを含んでいることを理解すること
- 将来の方向性を深く知り得るためのオープンソースへの投資とそこでのイニシアチブを注意深く見ていくこと
- オープンソースと商用ソフトウェア、それに加えてハードウェアのシナジー効果によるサクセス・ストーリーを作り上げる活動をしているSunの勢いを見ていくこと
「オープンソースでどうやってビジネスをするんだ!」との疑問に直接答えてくれているわけではないですが、あのGartner がSunをITベンダー界におけるオープンソースのリーダーとして認めてくれた、、というのは、価値があることだと思います。
"Remember - a National Insurance number is not proof of identity"
Source: DWP website
My friend Alec Muffett thinks we should do away with “Big I” Identity. I’m all for that … but Alec seems to be quite confused.
Firstly, his central point, that all the modern electronic identity requires the involvement of third parties, is just plain wrong. OpenID, which he doesn’t mention, is all about self-asserted identity - I put stuff on webpages I own and that’s my identity, Cardspace, to the extent it is used at all, is mostly used with self-signed certificates - I issued a new one for each site I want to log in to, and each time I visit that site I prove again that I own the corresponding private key. And, indeed, this is a pretty general theme through the “user-centric” identity community.
Secondly, the idea that you can get away with no third party involvement is just unrealistic. If everyone were honest, then sure, why go beyond self-assertion? But everyone is not. How do we deal with bad actors? Alec starts off down that path himself, with his motorcycling example: obviously conducting a driving test on the spot does not scale well - when I took my test, it took around 40 minutes to cover all the aspects considered necessary to establish sufficient skill, and I’d hesitate to argue that it could be reduced. The test used to be much shorter, and the price we paid was a very high death rate amongst young motorcyclists; stronger rules have made a big inroads on that statistic. It is not realistic to expect either me or the police to spend 40 minutes establishing my competence every time it comes into question. Alec appears to be recognising this problem by suggesting that the officer might instead rely on the word of my local bike club. But this has two problems, firstly I am now relying on a third party (the club) to certify me, which is exactly counter to Alec’s stated desires, and secondly, how does one deal with clubs whose only purpose is to certify people who actually should not be allowed to drive (because they’re incompetent or dangerous, for example)?
The usual answer one will get at this point from those who have not worked their way through the issues yet is “aha, but we don’t need a central authority to fix this problem, instead we can rely on some kind of reputation system”. The trouble is no-one has figured out how you build a reputation system in cyberspace (and perhaps in meatspace, too) that is not easily subverted by people creating networks of “fake” identities purely in order to boost their own reputations - at least, not without some kind of central authority attesting to identity.
Yet another issue that has to be faced is what to do about negative attributes (e.g. “this guy is a bad risk, don’t lend him money because he never pays it back”). No-one is going to willingly make those available to others. Once more, we end up having to invoke some kind of authority.
Of course, there are many cases where self-assertion is perfectly fine, so I have no argument with Alec there. And yes, there is a school of thought that says any involvement with self-issued stuff is a ridiculous idea, but you mostly run into that amongst policy people, who like to think that we’re all too stupid to look after ourselves, and corporate types who love silos (we find a lot of those in the Liberty Alliance and the ITU and such-like places, in my experience).
But the bottom line is that a) what he wants is insufficient to completely deal with the problems of identity and reputation and b) it is nothing that plenty of us haven’t been saying (and doing) all along - at least where it works.
Once you’ve figured that out, you realise how wrong
I am also here not going to get into the weirdness of Identity wherein the goal is to centralise your personal information to make management of it convenient, and then expend phenomenal amounts of brainpower implementing limited-disclosure mechanisms and other mathematica, in order to re-constrain the amount of information that is shared; e.g. “prove you are old enough to buy booze without disclosing how old you are”. Why consolidate the information in the first place, if it’s gonna be more work to keep it secret henceforth? It’s enough to drive you round the twist, but it’ll have to wait for a separate rant.
is. Consolidation is not what makes it necessary to use selective disclosure - that is driven by the need for the involvement of third parties. Obviously I can consolidate self-asserted attributes without any need for selective disclosure - if I want to prove something new or less revealing, I just create a new attribute. Whether its stored “centrally” (what alternative does Alec envision, I wonder?) or not is entirely orthogonal to the question.
Incidentally, the wit that said “Something you had, Something you forgot, Something you were” was the marvellous Nick Mathewson, one of the guys behind the Tor project. Also, Alec, if you think identity theft is fraud (as I do), then I recommend not using the misleading term preferred by those who want to shift blame, and call it “identity fraud” - in fraud, the victim is the person who believes the impersonator, not the person impersonated. Of course the banks would very much like you to believe that identity fraud is your problem, but it is not: it is theirs.
Share This
This is quite fun, if you have a few minutes to fritter away. The Identity Management product suite folks have come up with a Pacman-style game where you use the various product 'power-ups' to chase your way through different user types and IDM hazards (such as disgruntled former employees and the dreaded Auditors...). Be careful, though, the colour of the power-up makes a difference to who you should chase next!
Project WebSynergy のページに
Project WebSynergy is known to work on the following OS platforms:
portal: Installing and Using Project WebSynergy
とあったので,
とりあえず入れてみた.
なお, SUNWj6dev とかを OpenSolaris 2008.05 のインストール後に追加する必要があるので要注意.
やりかたはこんな感じ↓
$ pkg install -v SUNWj6dev SUNWj6cfg SUNWj6man SUNWj6dmo
Before evaluation:
UNEVALUATED:
+pkg:/SUNWj6dev@0.5.11,5.11-0.86:20080426T174949Z
+pkg:/SUNWj6cfg@0.5.11,5.11-0.86:20080426T174949Z
+pkg:/SUNWj6man@0.5.11,5.11-0.86:20080426T175029Z
+pkg:/SUNWj6dmo@0.5.11,5.11-0.86:20080426T175002Z
After evaluation:
None -> pkg:/SUNWj6dev@0.5.11,5.11-0.86:20080426T174949Z
None -> pkg:/SUNWj6cfg@0.5.11,5.11-0.86:20080426T174949Z
None -> pkg:/SUNWj6man@0.5.11,5.11-0.86:20080426T175029Z
None -> pkg:/SUNWj6dmo@0.5.11,5.11-0.86:20080426T175002Z
None
DOWNLOAD PKGS FILES XFER (MB)
Completed 4/4 1900/1900 70.40/70.40
PHASE ACTIONS
Install Phase 2354/2354
$
The Magic Include Shell took my blog offline and finally compelled me to move it to new hosting quarters, upgrade to WP 2.5.1, install a new theme, and add OpenID and information card support - all thanks to the magic of Stas Zubalevich at Parity.
If your WordPress suddenly goes wonky, I highly recommend this article [...]
もう先週金曜のことになってしまったけど,
守屋さんが
SIGMA DP1
というカメラ
を貸してくれたので,
Sun Business .Next 2008
に行って何枚か撮ってみた.
藤井さん
野々上さん
寺田さん
I finished my second round of chemo on Friday night and didn’t get nauseous the entire time. Is that amazing? No, that’s God. I did have one small issue on Thursday night where I didn’t drink enough water to get the temodar down, I think. I ended up burping temodar and that was quite unpleasant. I didn’t make that mistake Friday. Now I have 21 days before I have to take anything.
I was hoping to walk more than every other day, but it just hasn’t worked out. The gel pads are really helping my heel, but I can tell it is sore. I’m hoping to do my walking outside a bit more, but the weather hasn’t been cooperating.
I’m golfing this next Saturday for the first time since last year. It should be interesting. Clearly someone else will have to watch where my ball goes. Fortunately we’re playing a scramble. Maybe we’ll use one of my putts. I’m just hoping for a headache free day. I am definitely driving the cart. My friend Dan is usually the passenger, though he may have misgivings this year. I’ve almost killed him a few times when I had good vision so he’s used to it 
I’ve had increased pain these past few days and it could be due to my cut back on decadron. I’m now down to .5mg twice a day and hope to stop altogether this Wednesday. If the pain goes up and stays there I’ll know I still need to take it. Pray that it doesn’t. I really want to get off that stuff.
It may have been true before, but it is definitely true now. I am officially full of crap. This comes as no surprise to many of you, but I think I have good excuses. The decadron and temodar are incredibly constipating. However, I’m sure many of my friends will pooh pooh that (get it? :-)) Yes, you can tell me “I told you so” the next time you see me, though I’m hoping to remedy the situation before then
One of the great things about staring your mortality in the face is being reminded about what is really important. You are also reminded about how potentially limited your time is to focus on those important things.
“Show me, O LORD, my life’s end and the number of my days; let me know how fleeting is my life. You have made my days a mere handbreadth; the span of my years is as nothing before you. Each man’s life is but a breath. Man is a mere phantom as he goes to and fro: He bustles about, but only in vain; he heaps up wealth, not knowing who will get it. But now, Lord, what do I look for? My hope is in you.” (Psalm 39:4-7)
Living for the important is hard, but not doing so is foolish. By the grace of God I’m becoming less foolish each day.
Saturday we went to visit our friends from college, the Martin’s, and had a great time. They introduced us to a new game and it was a lot of fun. It’s called telephone pictionary, I think. Here is how it works. We had nine people playing so each person has a stack of nine small sheets of paper. Think 3″ x 4″. Each person starts by writing down some random sentence on the top sheet. I wrote, “Eileen will not be getting diamonds for Mother’s Day.” Clever, huh? You then pass the stack to the next person. They read the top sheet, place it at the back and then draw a picture of what they just read. They have one minute!
The next person looks at the picture, places it at the back and writes a sentence to describe what they saw. And so on until it is back to the person who started it. You then take turns showing your “story”. It’s pretty funny. You hear things like, “Oh, that’s where the little egg came from” and someone else will say, “What egg?” ‘m thinking Wendy will like this because she won’t have to lose.
Sunday I walked before church and I’m glad I did because I haven’t felt that great most of the day. Unfortunately Eileen was really sick this morning and couldn’t even go with us. It didn’t end up being a great Mother’s Day for her so I will have to figure out how to make it up to her.
We had a guest speaker for Mother’s Day who was pretty funny. Julie Barnhill is a speaker and author on Motherhood and had a great message. She used one of her book titles, “Motherhood: The guilt that keeps on giving”. I know my sister Anita loved what she had to say and I could see it affected many of the women.
One of my friends, Beth, from high school is a good friend of Julie’s, so we had that in common. I also talked with her about writing a book. Until I started blogging I hated writing, but I have had many of you encouraging me to turn this into a book. I’m still very skeptical, but am pursuing input from people who know. We’ll see.
While walking this morning I listened to Andy Stanley from NorthPoint Church in Atlanta share his first message in a series on Faith, Hope and Luck called Better Odds. He talks about the fact that all of us have our faith ladder resting against something. Is it something that changes over time or something that will stand the test of time? How about stage four brain cancer? I highly recommend it and hope many of my friends will take the time to listen. It’s only 40 minutes. I can’t wait to listen to the other two messages in the series, Betting On Hope and Beating The Odds, which he’s already delivered. You can subscribe to their iTunes feed here.
I need a miracle, God specializes in them, pray BIG!
The requirements I’ve been talking about lately in this space aren’t impossible to satisfy. What solutions are here today or on the horizon?
For web services that enable reduced data disclosure and can operate when we’re not around to tell them how, Liberty ID-WSF is a strong match. And its Interaction Service capabilities are a strong match for adhering to user-configured ways of obtaining consent or additional info, when doing an action “silently” would have been outside my established policy.
For encapsulating an individual’s policy in a usefully machine-readable way, an interesting technology stack involving XACML, WS-Policy, CARML, and AAPML is starting to appear (including in open source) that could turn out to be very helpful (Identity Rights Agreements, anyone?) — if we can figure out where in the process human beings can actually apply it and make it stick.
That last “if” is where a lot of exciting stuff is happening. Some folks have been working on an approach called “feeds-based VRM”, a name reflecting both the VRM use cases it first tackled and the Atom feed-based (lightweight pub/sub) architectural approach it uses. Alec Muffet published an excellent paper on the subject in February (also see Adriana Lukas’s Power to the Persons introductory post) that shows how robust and powerful this model could be.
In my NZ talk I essayed an explanation of the approach using this diagram…
…and posed these questions: What if…
- We could host our own digital data, for sharing only with our chosen online partners, on terms we set?
- We could create the data however we wish –- once –- then share it “in bulk”?
- Partners could grab the freshest version at any time?
- We could audit usage and cut off “bad partners”?
- We could combine this with existing identities –- silo-based, traditionally federated, OpenID -– and identity-aware services?
- We could build an ecosystem for this on the very thinnest of standard Web technology layers?
ID-WSF could do the first few what-ifs, I think, but today provides no solution for cutting off bad partners and today is built on a fairly heavy stack that can’t be called a “thin Web layer” (though the work Hubert has been blogging re: RESTful ID-WSF may change that picture). I believe creating feeds that are (a) custom and (b) access-controlled can potentially satisfy all the what-ifs. It’s a living embodiment of a relationship-forging stage which, when combined with clever auditing, whitelisting, and the like in a highly usable interface, has the ability to let us modify and even terminate data-sharing relationships over time. User-driven indeed!
(By the way, Alec has said he doesn’t want to include policy metadata as part of the feed mechanism for now — he’s keen to vet the basic technical approach first, which makes sense to me, and let more sophisticated applications emerge later. In any case, the very act of customizing a feed for a particular recipient contains some policy within its essence, which is one of the exciting things about it.)
It’s great to see that Adriana et al. have, just today, expounded on their full-size vision in a post and public paper that you’ll definitely want to check out if your interest has been piqued so far. Note that the personal data store component has been dubbed the “Mine!”, and that this component gains new emphasis vs. the “FeedMe” on-the-wire component compared to the original paper. (I’m not sure I buy the full-size vision for the Mine component, but am keenly interested in the ecosystem effects and UI usability of the FeedMe component — and I swear it’s not just ’cause I suggested that as a name! :-) )
No doubt next week’s IIW event will provide great opportunities for digging into all this in more depth. And the Mine paper advertises the mailing list for what will be an open-source Mine project.
May 11, 2008
Byteflow Blog Engine. This looks like the most full-featured of the Django blog engines by a pretty big margin, including OpenID client and server support. A product of the growing Russian/Ukrainian Django community.
Previously, I argued that people are not going to sit still for the heavyweight login-and-consent processes that we IdM professionals are starting to pile on them. They will find ways of getting around the onerous series of screens, clicks, and what-have-you we’re imposing.
True confession time: I’m probably the biggest user of Sun’s OpenID Provider in the company. I use it to log in to the Project Concordia wiki, and I’ve been trying to be a good do-bee and use it consistently. A while back, the Sun OpenID server went down temporarily, and I had edits to make. What to do? I discovered that a local login, set up for me when we were getting the wiki ready to go live, was still around and the cookie was still working, so it would auto-fill my username and password. Ooh, I can hit Return once, no redirects, no having to say that I really do want to send my info to that RP… It’s like crack. Even I have a hard time going back to the “better” OpenID.
I also argued that people currently have little power in setting up data-sharing relationships with sites, because there’s no window for them to do anything but accept the data-sharing terms offered (or reject them and not get to use the service).
The Vendor Relationship Management folks were really the first to bring this issue out of the closet. Yes, Liberty ID-WSF tries to enable a marketplace in privacy-respecting personalized services, but it tackles plumbing — whereas VRM digs into individuals’ needs in an evocative way that flips an “I want that!” switch in people’s heads. Suspecting that few people in the NZ conference audience were familiar with VRM, in my talk I essayed a quick explanation using a two-part diagram that will be familiar to devotees:
A few people actually gasped and applauded when I got to the green arrows — so I hereby pass the kudos on to Doc Searls and the entire Project VRM gang! (And congrats on the recent EIC Special Award as well.)
There’s a point about timing that I touched on before but wanted to dive deeper on.
The times when I’m motivated to log in to an online service have a not-hugely-strong relationship to (a) the times when the service needs to do something interesting on my behalf (such as determining whether to allow Bob into my calendar to see or add information — he’s logged in, but why should anyone expect me to be?) and (b) the times when important info about me changes (such as when I move house).
Project VRM has developed “change of address” as one of its seminal use cases, and this temporal mismatch helps explain its appeal. Having to do a regular login process to tell fifty online services you’ve moved is the worst possible architectural choice if we care about usability or fairness or data freshness.
This issue lays more of the groundwork for the requirements I proposed earlier:
- Services that can provide aggregate value to us even when given a small and disjoint set of our info to work with for privacy reasons
- Services that operate according to our data-sharing and -usage preferences all the time without bothering us, but know how to contact us in extraordinary circumstances
- A relationship-forging stage or function or ceremony, apart from routine login-time, at which we can craft such policies and get them to stick
(Paul, I knew I could count on you to steal my extremely delayed thunder. :-) Continue to steal away while I work on one last post…)
Consent administration is a separate application contributed by Wayf.dk, where users can add and withdraw consent granted to send attributes to SAML 2.0 service providers.
We setup a separate User consent page on the simpleSAMLphp homepage. We will add more documentation and information about user consent here.
Kim Oechsle from Wayf.dk is one of the main developers behind the User Consent Administration package.
Today we also checked into trunk updates which allows translation of the consent module user interface into multiple languages.
User consent is about giving users control of their own identity and who's getting access to their personal data. With user consent you put the user in charge.
This mailinglist includes the people involved in translating simpleSAMLphp into other languages.
I will send notifications to this list, when new terms are added (together with new functionality in simplesamlphp) and ready to be translated.
Access agents, which are a form of
personal directories, are required to solve multiple problems in digital identity. Access agents should perform the user-centric, end-point management of user-id/password pairs, personal private keys, OTP (on-time password) seeds, OpenID tokens, etc. -- all the credentials an end-user possesses (and is expected to manage). Access agents should follow end-users around to all the end-points where human comes into contact with cyberspace. (I like to think of end-points as the 4P's -- PC's, PDA, phones, and portals.)
There are multiple reasons for end-point access agents:
1. Simplification of the user's world
2. Migration to multi-factor authentication
3. Integration
But the bottom-line is
control. Control for the end-user in that he/she can finally stop worrying about dozens of access codes. And with better control comes the possibility of increasing security. Which also results in control for the enterprise in better security and more auditability. (Yes, the access agent can act as
big brother for the enterprise.)
Dave Kearns has written a bunch on the need for personal directories. He sees most of the work on identity management, including OpenID and InfoCard, leading to a logical conclusion - the personal directory system.
Links to Dave's Articleso May 2002,
The need for a personal directory (http://www.networkworld.com/newsletters/dir/2002/01331333.html)
o January 2007,
Someone else wants a personal directory! (
http://vquill.com/labels/personal%20directory.html)
Kim Cameron of Microsoft
makes a pitch for why Metadirectory is still relevant, or at least why data needs to live in multiple places.
One key element of this argument is that when combining transactional data with identity data, you're not likely to do the required data joining across remote systems.
Compare this to what happens if all the information necessary to respond to a query is present locally in a single database. I just do a "join" across the tables, and the SQL engine understands exactly how to optimize the query so the result involves little computing power and "even less time". Indexes are used and distributions of values well understood: many thousands of really smart people have been working on these optimizations in many companies for the last 40 years.
He's right and this is a really important point. The data used in this example absolutely should live in a repository where it can be locally joined.
How does the data get from point A to point B in this example? Which of these points is the starting point? Does this data actually originate first in point C? Do these repositories have the same representation for the given data elements?
Certain very widely used data is likely to be in multiple systems and has a relatively low rate of change that doesn't cause much of an issue for any of the usual means of getting it there. Such information might include unique identifiers, names, department, job code, email addresses, and the like.
In Kim's example, it would not be unlikely to do a join against an employee number, department, or other information. In the same way, it would be highly unlikely that this join would be done with a password, data from CRM, and other such data.
The real problem today is that synchronization is so loosely-coupled. This is unlike replication, where it's become relatively easy to recover from failure and the mechanism involved in moving data knows exactly how to deal with both ends of the data movement connection.
As applications become better at pushing their changes, rather than depend on provisioning and meta-directory systems to do deltas against their databases, we'll see much of this problem become greatly simplified.
At that point, instead of the value being in how tightly you can make your connections and move changes, the value is in what you can do with those changes. Can you use those changes to trigger workflow? Can you apply business policy against those changes? Can you centrally audit and do reporting against those changes?
This higher order value is exactly what customers look for in provisioning.
The identity bus itself will be a mix of common publish/subscribe style data movement and virtualization that will provide the identity views that minimize the overall level of data movement through the system.
Technorati Tags:
LDAP, meta-directory, virtual directory, identity bus
Dave
continues in his latest posting...
It does seem that when a bold thought is made as an pithy, somewhat humorous statement that it's seen as some how denigrating the subject. so let me say it once again -
Like COBOL, LDAP is so deeply ingrained in our computing arsenal that it can never be entirely replaced.
Exactly. Glad we're all in violent agreement.
That said, the one thing that will be similar to COBOL is that people will be touching it without knowing it.
Just as today there are countless web services that provide access to data that was once tucked away on proprietary mainframes, tomorrow's identity applications will be touching identity data accessed via LDAP under the covers. And just like in the mainframe situation, these directories will only be playing a part of the role necessary to complete the full transaction.
For the record, my first paid technology job (an unpaid internship, now that I think of it) was updating COBOL code on an HP/3000 mini-computer in the late 80's. I can only hope that my code isn't still running someone's business!
Technorati Tags:
directory, LDAP
I never thought that I would use the two in same blog entry. But I really liked one of subplots of the
movie which revolved around usage of social engineering to extract sensitive information about HNI from a Call Center employee for extortion purpose (well a good usecase for DLP). Again given that there are existing products in DLP space to prevent the same from happening over network, would it make sense to add the same to the voice channel too?
The quality of voice recognition (esp for numbers) technology is pretty high. This is pretty evident from the number of deployments in multi-level IVR menus. But , I think, the voice recognition capability of these IVR system is high because it is based on the premise that the user wants its voice to be recognized and false positives for these systems are probably still pretty high.
Incase of DLP, I think, the basic idea is to control accidental release of information and some simple data theft scenario. So, from that perspective adding Voice recognition to DLP makes sense esp for call center deployments.
Greg Curtis and John
Valentine, House Speaker and Senate President
(click to
enlarge) |
I'm at the Utah State Party Convention this morning. There are
literally thousands of people here. Traffic was backed up off the
exit ramp near UVU (where the convention is being held). The
convention just opened at 10am, but even at 8am, the parking lots
were full. People come early to pick up their credentials and wander
the candidate booths.
I enjoyed wandering around and talking to a bunch of folks who I
normally don't get to see. Lots of old friends and acquaintances
here.
Chris Cannon running for Congress in the Third District
(click to enlarge) |
We start with prayer, the flag ceremony, the pledge of allegiance,
and the national anthem. Carmen Rasmusen
Herbert sang the national anthem and it was very nice. She's
married to Gary Herbert's (Lt Gov) son Bradley, for what it's worth.
The Utah Republican
party has a set of banners up and buttons playing on the "i can"
in "republican." "I can provide students an excellent
education," "I can give my family a great life," and so on. Very
clever and emphasizes the Republican ideal of self sufficiency.
Opening ceremony at the convention
(click to enlarge) |
After the opening, we had a credentials report and adopted the rules
and agenda for the convention.
As usual, there was drama around Mike Ridgeway. Apparently Salt Lake
county refused to seat him has a delegate and there was a motion to
allow him to be seated at the State convention. It failed. I'm sure
there will be more.
We've now moved to the district breakouts. District 3 stayed in the
main hall, so I just sat still. The candidates I consider serious
contenders in District 3 are
Chris Cannon, the incumbent, David Leavitt, and Jason Chaffetz.
There's also Joe Fergeson and Stone Fonua who haven't raised much
money and haven't been heard from by delegates. They'll get their
seven minutes of fame this morning. Fergeson is campaigning against
the North American Union and Fonua is campaigning for something
called "the Peacemaker."
Jason Chaffetz has raised around $70,000. David Leavitt raised twice that
many and Chris Cannon has doubled Leavitt. Not surprising since
Chris is the incumbent.
I'm torn between these three. I believe them all to be good men with
Utah's best interest at heart. They aren't that far apart
politically. I know Chris and Jason well. I've spoken to them
several times over the course of the campaign. I don't know David
Leavitt, but have tremendous respect for his brother Mike (current
Secretary of HHS).
When I ran in my caucus meeting, I told the people there I'd base my
vote for congressman on the basis of their support for Larry Lessig's Change
Congress. I've had the opportunity to speak to both Chris and
Jason about this and they were both supportive of two of the four
pledges. Chris didn't think eliminating PAC money was practical, but
was in favor of limiting all contributions to less than $300.
Why didn't I speak to David Leavitt about Change Congress? It's
partly my fault: I went to only one event where he spoke. But it's partly
his fault as well. He's been largely unavailable. Several attempts
to get a message to him about Change Congress through his staff
failed to elicit any response.
In fact, one of the things that's turned me off about
Leavitt's campaign is that it's been much more impersonal than
campaigns I'm used to. Lots of events to hear him speak and lots of
literature, but not much personal contact. This morning for example,
Chris and Jason were both at their booths (and I've got photos
to prove it). Where was Leavitt? I don't know. I wandered
around the entire center and didn't see him once.
I wasn't overly impressed with David Leavitt's speech. Some shouting
at inopportune times. Jason gave a great speech, but his calling
global warming a farce turned me off. Of course, I'm not sure Cannon
or Leavitt feel much different. Both Cannon and Leavitt started
their speeches with videos. Cannons was probably the best, but I
liked that Chaffetz didn't have one. Cannon's speech was good: he
talked about his background and how he got where he is.
Cannon is a supporter of eVerify,
which I think is a big mistake. Of course, you can't find anyone
who you agree with on everything--unless you're the candidate. That
might not work either. I've known some candidates who I'm sure
argued with themselves.
Time to vote!
I voted for Chris Cannon. I know some people will disagree with that
vote so let me say why:
- Chris was willing to support important aspects of the Change
Congress pledges, including big support for transparency. He even
took the time to meet personally with me on the pledge and talk about
it.
- Chris has been a good friend to technology. Many technologists
in the state who I know and trust are firm supporters of Chris
Cannon. I've talked to Chris several times about technology issues
and he's well informed and thinks carefully about them.
Now we're listening to speeches for statewide office. The only
interesting race is for Treasurer. Go figure.
Ballot
boxes
(click to enlarge) |
Gov. Huntsman spoke about his accomplishments. He made it clear he
only intends to serve one more term (if he's elected, of course).
Chuck Smith, running against Huntsman, gave a good speech and seems
to have some good ideas, but he's not going to win. There's been no
campaign to speak of.
Mark Walker is a
former legislator with little experience in financial management.
Richard Ellis is currently the Deputy Treasurer and a former
directory of the Governors Office for Planning and Budget. But Ellis
has been roundly criticized by the legislature and has little support
there. I think it's more than Walker being "one of our own" with the
legislature. I think Ellis has seriously made many of them mad with
things he's said and done. Of course, I know how that feels. :-)
The Utah County Treasurer nominated Richard Ellis and said Ed Alter
(current Treasurer had planned to do it, but was unavailable.)
The nomination focused on Ellis' experience. Gordon Snow (Majority
Whip) seconded the nomination. Ellis spoke about what he's done in
the Treasurer's office: financial and technical innovation. Ellis
gave a good speech.
Balloons waiting to fall above my head
(click to enlarge) |
David Clark, Majority Leader, nominated Walker. He noted Walker's
integrity. John Valentine (Senate President) seconded. Mark
Shurtleff and Ron Bishop (1st District Congressman) also spoke for
Walker. He emphasized more investment of public funds for larger
returns. It's interesting that our conservative legislature supports a
less conservative financial manager for treasurer. He
emphasizes his private sector experience--although he doesn't get
specific since he has no financial experience that I've heard about.
He seems to be running largely on his Republican credentials.
Results: Merrill Cook, Bill Dew, and Brian Jenkins advanced to the
run off ballot for District 2. In District three, David Leavitt
received 220 votes, Jason Chaffetz received 469 votes, and Chris Cannon
received 338 votes. They'll all go to the second ballot. The other
two received almost no support, so unless people change their vote,
I'd expect to see Jason and Chris go to a third ballot. We could be
here all day...
The conventional wisdom is that a vote for Leavitt or Chaffetz is a
vote against Cannon. But that's not the case. In fact, I
saw Leavitt and Cannon talking in the hall and the word going around
the floor is that Leavitt is asking his delegates to vote for
Cannon. Of course, that won't keep the final outcome from going to a
primary vote in June. In fact, it would take a huge swing either way
to avoid that. Greg Curtis, Speaker of the House, predicted 55%
Chaffetz, 45% Cannon. I think it might be closer than that.
I snagged a seat at the press table: power and a table to put my
computer on. Sweet!
While we were waiting for the second ballot to be counted, Senators
Hatch and Bennett spoke. Basically cheerleading for Republicans.
That's OK--this is the right crowd for it to be sure. Hatch says: "I
was a Mitt Romney supporter, but that's over. If you can't get
behind McCain, you might as well turn the election over to Barack
Obama. That would be a catastrophe for the judiciary." Hatch says
McCain will appoint the right kind of judges and that alone is a good
enough reason to support John McCain. Hatch gets a standing
ovation. No doubt that the man is popular with this crowd.
Along with all of these are the usual controversies surrounding
voting and credentialing procedures. Some older and disabled
delegates had a tough time getting to the ballot boxes apparently.
A row of Macs at the press table
(click to enlarge) |
Attorney General Mark Shurtleff and State Auditor Auston Johnson were
elected by acclamation since they're running unopposed. We watched a
McCain video. Mark Shurtleff spoke after showing us a video. I
presume it's been prepared for the general election. Shurtleff gave
a god talk and got a standing ovation. Balloons dropped. Basically
anything to fill the time while they count votes.
The bags filled with balloons were hung above the press table, so
they all fell on the floor around the press and not on the
delegates.
Argh. Now we're doing party constitution changes. What fun. In the
middle of the second amendment, someone went down and there was a
call for a medic. There was a division called on the second
amendment to replace winner take all with proportional representation
in future presidential primaries. The amendment failed.
There will be a third ballot for the 2nd and 3rd Districts. In the 3rd
District, Leavitt got 161 votes, Chaffetz got 529 votes, and Cannon
got 356 votes in the second round. That gives Chaffetz over 50%, but
he needs 60% to avoid a runoff. That's 630 votes it everyone
stuck around and will vote on the third ballot. He
needs 100 of Leavitt's votes to win outright.
People in Leavitt shirts are walking through the hall carrying Cannon
signs. They're getting boo'd and the Rules Chairman is asking them
to leave since campaigns are not allowed to campaign in the
convention hall itself.
I'm going to go get ready to vote. They're not going to open the
ballot boxes until we've heard the Bylaw changes because they're
afraid people might leave. Ya think!?!
Jason Chaffetz running for Congress in the Third District
(click to enlarge) |
The first bylaw amendment is to allow the delegates that are bound to
Mitt Romney to vote for McCain. People cheered wildly after the
speech against the change. People here still love Romney. Someone
made a motion to postpone he amendment indefinitely. Everyone really
just wants to vote and go home, I think.
In the end, for the 3rd District, Jason Chaffetz came within 9 votes
of being the nominee and not having have a primary with Chris Cannon
on June 24th. The final tally was Chaffetz 59%, Cannon 41%. What a
finish. I'll bet there's some Chaffetz supporters who went home
early and are kicking themselves right now.
During the Second European Identity Conference, Kuppinger-Cole did a number of interviews with conference speakers. You can see these on the Kuppingercole channel at YouTube.
Dave Kearns, Jackson Shaw, Dave Olds and myself had a good old time talking with Felix Gaehtgens about the “identity bus”. I had a real ”aha” during the interview while I was talking with Dave about why synchronization and replication are an important part of the bus. I realized part of the disconnect we’ve been having derives from the differing “big problems” each of us find ourselves confronted with.
As infrastructure people one of our main goals is to get over our ”information chaos” headaches… These have become even worse as the requirements of audit and compliance have matured. Storing information in one authoritative place (and one only) seems to be a way to get around these problems. We can then retrieve the information through web service queries and drastically reduce complexity…
What does this worldview make of application developers who don’t want to make their queries across the network? Well, there must be something wrong with them… They aren’t hip to good computing practices… Eventually they will understand the error of their ways and “come around”…
But the truth is that the world of query looks different from the point of view of an application developer.
Let’s suppose an application wants to know the name corresponding to an email address. It can issue a query to a remote web service or LDAP directory and get an answer back immediately. All is well and accords with our ideal view.
But the questions application developers want to answer aren’t always of the simple “do a remote search in one place” variety.
Sometimes an application needs to do complex searches involving information “mastered” in multiple locations. I’ll make up a very simple “two location” example to demonstrate the issue:
“What purchases of computers were made by employees who have been at the company for less than two years?”
Here we have to query “all the purchases of computers” from the purchasing system, and “all empolyees hired within the last two years” from the HR system, and find the intersection.
Although the intersection might only represent a few records, performing this query remotely and bringing down each result set is very expensive. No doubt many computers have been purchased in a large company, and a lot of people are likely to have been hired in the last two years. If an application has to perform this type of query with great efficiency and within a controlled response time, the remote query approach of retrieving all the information from many systems and working out the intersection may be totally impractical.
Compare this to what happens if all the information necessary to respond to a query is present locally in a single database. I just do a “join” across the tables, and the SQL engine understands exactly how to optimize the query so the result involves little computing power and ”even less time”. Indexes are used and distributions of values well understood: many thousands of really smart people have been working on these optimizations in many companies for the last 40 years.
So, to summarize, distributed databases (or queries done through distributed services) are not appropriate for all purposes. Doing certain queries in a distributed fashion works, while in other cases it leads to unacceptable performance.
The result is that many application developers “don’t want to go there” - at least some of the time. Yet their applications must be part of the identity fabric. That is why the identity metasystem has to include application databases populated through synchronization and business rules.
On another note, I recommend the interview with Dave Kearns on the importance of context to identity.
May 10, 2008
I just saw this image of a chart.
it has the name of the company down the side
- Yahoo! - not sure what it was called
- Google - Open Social + next week social connector
- MSFT - Mesh
- AOL - OpenID, AIM portability
- Facebook - Connect
- MySpace - Data Avalability
Smaller co’s/platforms
- People Aggregator
- Ning
- LinkedIn
- White Lable Social Networking App X.
- Drupal
- WordPress
- etc…
Then across the top is a list of features. example - OAuth for Exporting contacts. Please comment on other features we should list.
In the matrix you check off what features they have and if they are using open standards to implement them.
The question is what are the features we should have along the top. I think we will do this exercise as a group this week at the Internet Identity Workshop since I know that at least the first 4 companies on this list will be there and I am hoping that last two are too.
In a panel discussion at the recent European Identity Conference I referred to LDAP (Lightweight Directory Access Protocol) as "The COBOL of Identity." It came amidst a discussion of future identity-sharing protocols and was intended as 1) a cheap laugh; and 2) as a short, memorable way of saying that LDAP would always be with us.
I mentioned it again in a newsletter about the show ("
Building an Identity Bus, Part 2") which has now been misread by a couple of people, so let me set the record straight.
Jeff Bohren
writes: "
That’s cute, but not terribly accurate. COBOL has had competing languages almost from the very beginning. If you chose to use COBOL, you did so because you felt it met your requirements better than the other existing alternatives. So Dave, what is the alternative to LDAP today? What will it be in 5 years?" That was the point, Jeff - that, like COBOL, LDAP will always be with us.
Clayton Donley
opines:
"There's no pressing need to get rid of LDAP in existing applications. None at all. It works. The applications support it and will continue to support it indefinitely.
Even in next-generation application I see LDAP support being integrated -- hardly what I see of COBOL ...
What does this say about any future identity services?
They must support LDAP-enabled applications.
Does this mean that they will only support LDAP? No."
Exactly.
It does seem that when a bold thought is made as an pithy, somewhat humorous statement that it's seen as some how denigrating the subject. so let me say it once again -
Like COBOL, LDAP is so deeply ingrained in our computing arsenal that it can never be entirely replaced.
Now since one is a programming language while the other is a protocol the analogy will break down upon close inspection. But I will stand by it.
Last week I was at a Liberty Alliance TEG meeting, talking about
- Privacy Constraints
- Reconciling
OpenID PAPE & SAML AC
- Profiling
WS-Trust for security token issuance within ID-WSF
- a 'multi-device' SSO use case, where a user starts watching a video on her mobile, but then transfers the security & application context to her set-top box so that she can watch the remainder in HD
- a RESTful/like binding for ID-WSF
-
Orange APIsNext week, I'll be at IIW, where I expect to talk about
- a use-case from my own family that motivates Liberty People Service
- that
beer Ping owes me
-
s-Cards-
identity rights agreements & privacy constraints
-
data portability- how Ping never settles invoices in a timely manner
- a multi-factor authn use case that requires OpenID PAPE & SAML AC be reconciled
- how IIW 'Closing Circle' makes me think of summer camp
- legal options for forcing Ping to honour its debts
On The Virtual Qull, this cute entry on how LDAP is as permanently integrated into the fabric of computer technology as COBOL. Just an FYI.
Cool! And this one’s even got I18N support…
(Thanks to Paul Bryan for the tip! If you’re curious, my old one is here.)
It's late on a Friday night. I'm babysitting my granddaughter, reading the newspaper and perusing the web. A few comic strips I read today provide a bit of wry commentary on the state of things in our always-high-tech and often-maddening world.
First, a perceptive Dilbert has a calloused, but dangerously accurate view of market projections ...
Both Louann and Gunther are searching for their personal identities ...
Rat longs for the old, disconnected, but somehow simpler life ...
And big media can't quite let go of the old while it clamors for the new ...
If you can't read the sign, it says "Today in the Times: Print media isn't dead! Go to our website for the whole story.
Call it "Societal Assessment by Comic Strip. A new professional-sounding name for my comic strip addiction.
And have a great weekend! More good comics in the morning.
Technorati Tags: comics
May 09, 2008
Dave Kearns says
LDAP is the COBOL of Identity.
Jeff Bohren says it's actually the SNMP of Identity.
So now that we're talking about LDAP's role in the universe...
There's no pressing need to get rid of LDAP in existing applications. None at all. It works. The applications support it and will continue to support it indefinitely.
Even in next-generation application I see LDAP support being integrated -- hardly what I see of COBOL and not as the afterthought that SNMP always seems to be.
What does this say about any future identity services?
They must support LDAP-enabled applications.
Does this mean that they will only support LDAP? No.
Does this mean that we shouldn't move new applications to frameworks like the Identity Governance Framework that make it exponentially easier to build identity-aware applications? No.
It simply means that if you want your existing applications to support your new identity service, it had better support LDAP or most of what you have won't work with it.
That said, movement requires motivation. If LDAP is good enough, we'll be talking about next generation identity services for a dozen years before anything meaningful gets shipped. After all, it was almost a decade ago that Bowstreet and others talked about replacing LDAP with DSML. This went nowhere.
So what great advance would provide this motivation? It won't be security, audit, and compliance. These things can be achieved today with LDAP and strong identity management software. If you can do it today, why rework everything?
What's likely to drive the move from LDAP to identity services is the enablement of new applications that have enormous potential for driving business growth.
An application that can take advantage of the extensive information available around identity in a way that relates that identity to its peers, communication, transactions, and other elements can really contribute to business. Since the full picture of identity and its relationships is much richer than LDAP's information model can describe, we will then need to move beyond the LDAP data model -- not by simply rewriting LDAP in XML, but by redefining what an identity representation for applications should look like.
There are many candidates for next-generation LDAP. Which one will win out? I've got my opinions, but in the end it may not matter.
Why? Because virtual directory technology insulates applications from the underlying changes in technology. This technology will easily adapt to add new listeners and adapters for emerging standards while retaining LDAP for the applications that have been written and will continue to be written to that model.
Technorati Tags:
identity management, LDAP, virtual directory
Writing this while my righteous indignation is still elevated.
Flying back from the Liberty Alliance TEG meeting at AOL, I endured the tangled web that is the security screening lines at Dulles Airport. I felt like a rookie running back, more motion sideways and backwards than forward.
I take one consolation from the experience. Where ever my future travels may take me, whether the Sudan or some back-water single runway airport in Thailand, I am confident that I have already seen the worst organized security check that bungling incompetency can devise.
Smooth sailing from here on.
It's Friday afternoon, time for some fun! We've put together a neat little game where you can protect your enterprise from the like of disgruntled former employees, Sarbox gremlins and the deadly auditors with the help of Sun's identity management products: Identity Hero! Here's a screenshot:
Go save your enterprise!
OK Identity Competitors!
We had our video battle warm-up with the scrappy Ping Identity a few months ago, but now we challenge you to a little game called IDENTITY HERO!"
My teammates at Sun believe that they can rescue more identity enterprises than our competitors. Let's throw down and see who can claim the highest score!!!
BOOOYAH!!!
I've been trying to use Capistrano
for application deployment over the last few days, writing rules to
do some common tasks, figuring out how it works, etc. One problem I
ran into is that I have a private CPAN bundle that I use to ensure a
machine has all the right Perl libraries when I deploy to it.
The problem is that CPAN is often run interactively and so module
writers often assume the user will be present. That means that it
stops in the middle and asks questions about skipping tests, etc. I
searched for a while to figure out how to get a default answer to
questions. It's not Capistrano's job and CPAN didn't seem to have a
configuration option that worked. Turns out it's in MakeMaker.
MakeMaker is the Perl library that the CPAN modules use to automate
the build process. There's an environment variable called
PERL_MM_USE_DEFAULT that when true causes the MakeMaker
prompt function to assume the default answer.
So, here's the task from the capfile I came up with.
task :load_bundle, roles => :local do
run "cd /web/lib/perl/etc/kynetx-private-bundle;
sudo perl -MCPAN -e
'$ENV{PERL_MM_USE_DEFAULT}=1;
install Bundle::kobj_modules'"
end
This works fine. Of course, you also need to make sure the account
you're using for installs can sudo without a password or this will
fail as well. Maybe there's a better way to do sudo inside
Capistrano? I'd like to know about it.
"OpenSSO Workshop: Creating Federated Relationships with Software as a Service, Social Networking, and Web 2.0 Applications" is on Monday May 5 at 4pm in Hall E 135, at Moscone Center.
There will be some nice new OpenSSO/FAM demos, which you wouldn't want to miss. The team will also be there to help those new to OpenSSO get started with a deployment on their laptops. Register, if you haven't already. C ya there...
A quick question: have you used your National Insurance Number (NINO) lately?
Follow-up question: if we discount using it for taking up a new job or submitting your tax return*, when was the last time you used it, and what for?
Reason I ask: the minister responsible for the ID Card Scheme, Meg Hillier, has - both times I've heard her speak recently - cited this as a use-case in support of the ID Card: that NI numbers are needed so frequently that any citizen would be happy to have them encapsulated in a robust credential. That certainly doesn't reflect my own personal NINO usage, but it could be that I'm un-representative.
It seems that citizens' National Insurance Numbers will be among the data items held on the card itself (as opposed to held in the National Identity Register but not on the card)... unless I'm misunderstanding her, which is quite possible. I got the opportunity, on Wednesday, to make that point to her in person at one of the consultation workshops currently being run by the Identity and Passport Service (IPS).
What I suggested was this: if you take the recurrent questions of "What is it for?", "What data is held?", "Who has access?", and "Is it compulsory?", the answers are critically and substantially different depending on whether one is talking about the ID Card, the biometric passport, or the National Identity Register (NIR). Unfortunately in almost all policy-level statements these three things - and particularly the ID Card and the NIR - are talked about as if they were indistinguishable (and I'm afraid Wednesday was no exception).
Having said all that, the Home Secretary's recent publication of the implementation plan may signal some real changes in approach. Of course, as the BBC's Nick Robinson astutely points out here, all that does politically is divide opinion between those who take the implementation plan as a sign that there's a real move away from the all-encompassing system catered for by the primary legislation, and those who think that there's no real change in the government's aims for the National Identity Scheme as a whole, just a rather less bulldozering plan for putting it into effect...
And there's the dilemma. If this is perceived as just a more subtle attempt to introduce a panoptical and intrusive system which can track the use of any designated credential, then opponents are unlikely to be appeased. On the other proverbial prong of the cleft stick; if Ms Smith and Ms Hillier really have an appetite for scaling back on the aims of the Scheme as a whole, it opens up a gap between what the enacted legislation allows for and what they intend to put into practice. Opponents will still be unappeased, because they will want to know what the point is of keeping draconian legislation on the statute books if you don't intend to put it into practice.
Francois Paget, an investigator at McAfee Avert Labs, has posted a detailed report on a site that gives us insight into the emerging international market for identity information. He writes:
Last Friday morning in France, my investigations lead me to visit a site proposing top-quality data for a higher price than usual. But when we look at this data we understand that as everywhere, you have to pay for quality. The first offer concerned bank logons. As you can see in the following screenshot, pricing depends on available balance, bank organization and country. Additional information such as PIN and Transfer Passphrase are also given when necessary:
For such prices, the seller offers some guaranties. For example, the purchase is covered by replacement, if you are unable - within the 24 hours - to log into the account using the provided details.
The selling site also proposes US, Austria and Spanish credit cards with full information…
It is also possible to purchase skimmers (for ATM machine) and “dump tracks” to create fake credit cards. Here too, cost is in touch with the quality:
Many other offers are available like shop administrative area accesses (back end of an online store where all the customer details are stored – from Name, SSN, DOB, Address, Phone number to CC) or UK or Swiss Passport information:
Read the rest of Francois’ story here. Beyond that, it’s well worth keeping up with the Avert Labs blog, where every post reminds us that the future of the Internet depends on fundamentally increasing its security and privacy. [Note: I slightly condensed Francois’ graphics…]
"やっぱり好きなのはRuby/JRuby" by Tim Bray
[Summary] Tim Bray was interviewed by Japanese media. The article is here ( yes, it is written in Japanese ! )
(Translate to English)
マイコミジャーナルより。Tim 曰く、
コミュニティはテクノロジを評価する上で非常に重要なポイントだと考えている。RubyおよびRailsのコミュニティは非常に大きく、そしてフレンドリーだ。Rubyを始めようとしたときや、何かわからないことがあったときには、すぐに良いアドバイスをくれる
I’m currently trapped on the six-hour flight out west to join the rest of the Identity crowd at this year’s Internet Identity Workshop, so I thought I’d use the time to write my final post on the history of iCards. Fittingly, the subject of this post is the father (grandfather?) of iCards, Microsoft’s own Identity Architect in residence, Kim Cameron.
Many people know (of) Kim from his Seven Laws of Identity, but Kim’s story (like most of the participants in the community) starts much earlier. Kim began his career in academia teaching Sociology (he had concentrated in both Sociology and Math/Physics), an occupation that he loved (teaching), but a subject that he soon became disillusioned with (as he said, “There was never any way to prove who was right”). Like any disillusioned sociology professor, he did the natural thing and started a Reggae band (no, I’m NOT making this up), called the Limbo Springs and proceeded to tour the East coast of Canada and the US for the next 7 years.
Having come off his 1981 sold-out stadium tour promoting the multi-platinum “MetaLimbo” (okay, THAT I made up, but JUST that), he returned to Canada to teach Assembly at George Brown University, Canada’s largest community college (as he explains, technology was always his fall-back when he needed money—sounds familiar!). It wasn’t long, however, until he realized that teaching technology wasn’t what he wanted to do long-term, so he and the head of the IT department decided to start a technology business. As he explains, they were dead-broke at the time (as btw it seems everyone in this space is broke at some time or another—I, myself, like to go broke about once every four years), so
![[Technorati links]](cosmos.gif)
