"What do you mean, 'Authorised' ?"
I've just received a replacement airline loyalty card, and it's reminded me of one of my pet peeves about some credentials.
On the reverse of the card there's a signature strip, which the covering letter tells me to sign in ink. On the signature strip it says "Authorised Signature". What on earth is that supposed to mean? Who's authorised it, and in what way? No-one from the airline saw me sign it, or has any meaningful assurance that it reached me through the postal system. (It was sent by normal mail, not registered post, not signed for on receipt, nothing...)
And when I show that card in order to get credited with my airmiles, or to get into the airport lounge, does anyone ask me to sign something so they can compare it with the "authorised version"? Do they heck...
All in all, I see the "Authorised Signature" assertion as having about as much weight as a label saying "Authentic Peanut Butter". At face value, it's just so much marketing twaddle. Why do they do it? I mean, if they didn't print that on the signature strip, would those few people who actually bother to look at the signature strip assume that they were looking at an "un-authorised signature"??? Doh....!
[/rant]
Posted by racingsnake
@ 10:50 AM GMT+00:00
"Collateral damage"
Along with "blue on blue" and the verb "to attrit", "collateral damage" is a phrase which most in the UK first encountered during the 1991 Gulf War; it was part of a clutch of US mil-speak vocabulary which expressed chilling realities with a somehow anaesthetic blandness. Specifically, it meant unintended (and usually civilian) victims of military assault.
Jean Charles de Menezes, a Brazilian working in the UK, was shot dead last week by police acting under the misapprehension that he was a suicide bomber about to attack an underground train. Their suspicions appear to have been based on these factors (as far as the available facts indicate):
1 - He emerged from a building which they had under surveillance in the wake of other recent attacks;
2 - He was of generally "Mediterranean" appearance (and yes, I know, neither Brazil nor Pakistan are Mediterranean countries...);
3 - He was wearing a padded jacket despite the warm (for the UK) weather;
4 - He ran for it when challenged, heading down into the underground and onto a train.
These factors now seem to have the following explanations:
1 - coincidence
2 - he was Brazilian
3 - unclear (perhaps see 2...)
4 - his visa had expired.
Now, hindsight is always the most accurate, and I for one would not want to have to make the judgements the armed police officers did on that day, but I can make the following predictions:
- the police will continue to have to keep buildings under surveillance with more or less information about the individuals for whom they are supposed to be watching;
- there will continue to be UK residents and visitors who, despite appearances, are not suicide bombers (!);
- as the summer ends, more and more people will take to wearing bulky coats;
- there will continue to be people who have reason to wish to avoid the law, or indeed who don't realise that the armed men chasing them down the street are police officers...
By any standards, Mr Menezes' death was a tragedy. Whether it was avoidable under the circumstances remains to be seen. However, those circumstances can and probably will recur. As far as I can see, police tactics are the only variable which can realistically change the outcome in future.
Our society now has to ask the kind of question which usually only crops up in Ethics textbooks: is it morally better for the police to kill one innocent person than for a terrorist to kill many innocent people? And more tellingly: does the risk of a possible terrorist killing many innocent people justify the killing of an innocent person by the police?
This is not a test.
Posted by racingsnake
@ 01:09 PM GMT+00:00
Dave Kearns on Data Controllers
Interesting comment from Dave Kearns here about user-centric control of data. Dave, first, about the clause you put in capitals: I think the Liberty Alliance is characterised by how much effort it devotes to listening; as a stakeholder group it covers vendors, user companies, public sector bodies, and also 'reaches out' to bodies like those you saw on Wednesday, as well as the European Data Protection Officers' forum and the EU Article 29 Working Group.
Our contact with the last two dates back well over two years; for instance, this (European DP Academy Press Release) describes the second of a series of workshops in which we took part. I'd hate you to cling to the impression that Liberty's thoughts on this only date back to the run-up to Catalyst 2005...
The point of defining a Data Controller is that, like it or not, third parties do and will hold data about you - and if one is to assign legal responsibility for what is done with that data, the role needs to be formally defined. European Data Protection law clearly defines the role and responsibilities of data controllers.
I think you're referring to a much more narrowly-scoped user-centric model, where the user retains control over a set of credentials and attributes, and determines which online parties can see or exchange them. User consent and control over this kind of data exchange has been built into Liberty from the outset. Liberty is a user-centric model and always has been (let's not forget the non-user centric model to which Liberty provided the viable alternative, and which has driven the formulation of Kim's Laws).
To put this into context: take a simple three-party example where a consumer wants a financial institution to assert her creditworthiness to a retailer. The consumer will authenticate herself to the bank and the retailer by presenting credentials; the bank will gauge the consumer's creditworthiness by reference to past credit history, and then pass an assertion of creditworthiness to the retailer on behalf of the consumer.
The user should absolutely retain control over her credentials (bearing in mind that it's the bank who issued them in the first place as a means of supporting subsequent identity assertions); the bank, however, should be the trusted repository of the user's transaction history. Data protection laws should define the responsibilities the bank has as the controller of that data. The user should retain control and consent over the assertion of creditworthiness which passes between the bank and the retailer, but the assertion itself is the bank's.
Hope this helps clear up where the thinking is coming from, and what I mean by the term 'data controller'...
Technorati tags:
Identity,
Liberty Alliance
Posted by racingsnake
@ 07:00 PM GMT+00:00
Liberty Alliance bloggers
By the way: if you're reading this as a result of the Liberty closing plenary session in Chicago.... naughty naughty!! You're meant to be writing your own blog! ;^)
Technorati tag:
Liberty Alliance
Posted by racingsnake
@ 06:44 PM GMT+00:00
"See something, Say something"
Just got back from Chicago, having, among other things, tried out the public transport system. [Snap verdict: excellent. The subway and bus services are sensibly co-ordinated, so (for instance) at Jefferson Park the buses leave from right next to the subway station, and I'm told the timetables intermesh. A one-day pass for both networks cost me $5.]
The police were in evidence at Clark and Lake station; a 'Canine Patrol Unit' van at street level, a pair of dogs and handlers in the ticket hall and another pair on the platform. The passenger information boards have the usual "Please keep your belongings with you" message, but also display the simpler "See Something, Say Something" slogan which is currently also in use in New York.
It seems to work. For various reasons (longish story) I set off for the airport carrying a suitcase, rucksack, bum-bag (fanny pack ;^) and a carrier bag from the Art Institute of Chicago's Museum Shop. While waiting for the train, I decided to re-pack some stuff, so (not wanting to open my suitcase up in mid-platform), I headed for the 'low-traffic' area by the stairs, at the end of the platform. The Museum bag went into the suitcase and I headed back along the platform... to be greeted by the dog team. One of the other passengers had alerted them to "someone doing something with a suitcase behind the stairway". All this within the space of about 30 seconds.
Fair comment. I was definitely engaged in 'atypical' behaviour, so whoever you are, if you read this blog (what are the odds....?) - good call.
Technorati tags:
Security,
Chicago subway
Posted by racingsnake
@ 06:10 PM GMT+00:00
Update from Chicago
Today (Wednesday) was a day with a difference for Liberty. In addition to the Technical Expert Group (TEG) meeting, which took place as usual, the Alliance Sponsors hosted two parallel workshops: one on some of the existing Liberty deployments, and one on ID Theft. I took part in the ID theft workshop, which brought together a very diverse cross-section of attendees (some Liberty members already, others not).
I was pleasantly surprised at how much momentum there is behind the ID Theft initiative, which Liberty only started in earnest at the previous Sponsors' meeting. It is a topic which really captures the attention of service providers, vendors, users and legislators alike. What I find interesting is that, although many of the most important mitigations of the ID Theft threat are non-technical (procedures, auditability, user education and so on), so many of the stakeholders find it natural to turn to the Liberty Alliance for a specialist and impartial view of what to do about it.
It seems clear, even after a day of mostly US-oriented discussion, that 'Data Controllers' are vital in both theory and practice. In theory, because defining the responsibilities of a data controller looks like the best way to start setting out a clear and comprehensive range of ID Theft guidelines; in practice, because there is already a body of expertise and experience (most notably across Europe) about how the data controller role can be executed to good effect.
It was also fascinating for me to be able to compare US experience of California State Law 1386 (which obliges data holders to notify the individuals concerned if they suspect that personal data has been compromised) and the reaction of UK financial institutions to the SAR (Suspicious Activity Report) regime. I think there is a common message across both pieces of legislation, different though they are: the laws are often framed to meet the needs of the regulator, and don't necessarily give much weight to the needs of the 'reporting institution'. In the case of SARs, UK institutions expressed the view that they were diligently submitting their reports, but seeing little or no benefit in return. In the case of 1386, institutions seem increasingly unhappy about the poor cost/benefit of having to notify their customers even if a data breach only 'might' have happened.
Drafting laws is a tricky business.
Posted by racingsnake
@ 10:26 PM GMT+00:00
You've got SPIT....
You've probably seen posts in the Identity community about the question of whether "Location" is an identity attribute. How about "Presence" (in other words, whether or not you're connected to the network, by whatever means)? I think it's a piece of identity data at least in the sense that it deserves privacy protection.
As a practical illustration: unwanted or inadvertent disclosure of your "Presence" attribute can lead to SPIT... (SPam over Ip Telephony). A case in point: we just IMed a colleague to see if she could join us in a working-group discussion (see my previous post about the ease of finding a wireless connection here...).
After chasing that message a couple of times, we got a rather brusque reply:
"Please can you stop IMing my laptop... I'm trying to use it to give a presentation!"
:^)
Posted by racingsnake
@ 07:54 PM GMT+00:00
Online from Illinois...
I'm in Chicago this week for the Liberty Alliance Sponsors' meeting, so what with the jet lag, the time difference and the very full week we are expecting, I may not have much time for blogging. That said, the technology at least does not seem to be an obstacle... no fewer than 6 wireless networks announcing themselves within range.
It is pretty hot and humid here, but then, it was pretty hot and humid in England before I left, so I was suitably acclimatised for a Chicago summer. Not often you can say that.
Posted by racingsnake
@ 02:37 PM GMT+00:00
Zero-knowledge proofs for authentication
Well, there's a catchy title for a post, eh?
My colleague Rohan Pinto has posted a good entry-point for anyone wanting to look further into Zero-knowledge proofs. Given the prevalence of "new" two-party relationships mediated by the internet, and current concerns over things like password weakness and identity theft, I think this is something we might all benefit from reading up on...
Especially if, like me, you are somewhat 'mathematically challenged' and need a decent run-up at this kind of thing. Personally, I got on fine with maths until it started to consist of more letters than numbers.
Here's Rohan's post.
Technorati tags:
Identity,
Authentication
Posted by racingsnake
@ 05:03 PM GMT+00:00
"Terrorists blew up my homework"
Apparently a number of post-graduate students on Warwick University's Master's in Public Administration (MPA) will not be getting one of their recent essays back for a while. The papers are stuck in an office in the cordoned-off area of Tavistock Square.
Well, it beats saying a dog ate it.
Posted by racingsnake
@ 06:25 PM GMT+00:00
The FT's Philip Stephens
Here's another commentator on current affairs who I really respect. I don't think it would be unfair to say that he's more cerebral than John Simpson (who I cited a couple of days ago), or conversely that Simpson is more apt to 'get out and about'. However, Stephens writes and argues beautifully; he's one of the few journalists who, in the space of an article, can bring me round to a point of view which I did not hold at the outset.
Here's his latest piece on... well, the state of the globe, really.
A minor snag is that the FT are well aware of how good he is and tend to put his column in the 'chargeable' section. Hey ho.
Technorati tags:
London Bombs
Posted by racingsnake
@ 12:08 PM GMT+00:00
Le quatorze juillet
I just realised it's the 14th of July. Felicitations to anyone in France who celebrates that date.
I make that rather qualified wish, ever since I found myself in Paris for a meeting on this day and spontaneously wished the gentleman in question all the best of it. He drew himself up, reeled off his immensely long and very aristocratic family name, and explained rather frostily that it was not a day for celebration for him and his kin.
Oops.
Posted by racingsnake
@ 11:10 PM GMT+00:00
Clinton and GTA sex...
Oh ho... another Clinton sex scandal, I hear you ask..?
Sorry to disappoint, but this one is Hillary commenting on the adverse effects she sees in computer games with adult content. The game in question is GTA San Andreas. The fuss seems curiously tangential to me: I mean, for a start, the basic premise of the GTA games is that car-jacking is acceptable. In the case of San Andreas, the mainspring of the plot is a deep and pernicious corruption in the local police force, which basically means the protagonist would have no chance of going straight even if that was the kind of game this is. Which it ain't.
So once you've got those concepts on board, the idea of a downloadable 'mod' which somehow lets you stack characters on one another seems... well, tame. After all, there's a mainstream retail version of The Sims called "Hot Date", for goodness' sake!
BBC article in question
Posted by racingsnake
@ 10:59 PM GMT+00:00
Impossible Objects
And no, it's not the results of my latest attempts at object-oriented programming...
Thanks to Phil Windley for this great link from his Technometria blog: Objetos Imposibiles.
It's hard to pick out a favourite, but I really liked the dynamo-powered light-up whistle for deaf dogs.
Posted by racingsnake
@ 01:54 PM GMT+00:00
John Locke on personal identity
I went back to John Mackie's "Problems from Locke" to remind myself what they both have to say on the subject of personal identity. The philosophical aspects of identity are sometimes abstruse and can seem remote from the 'practical' concerns of the identity in IT, but in rigorously teasing them out, Locke and Mackie uncover many assumptions and relationships which are directly relevant to us.
A good example is his analysis of 'action attribution'. That is, we often want to say that the person standing in front of us now is the same one to whom we attribute certain past actions.
Much of Mackie's discussion revolves around the consciousness of past events 'from the inside'; in other words, his concern is with what leads a person to believe in their own identity. Of course, in the online world, we're more usually concerned with what can lead a third party to believe an assertion of someone's identity. With that in mind (no pun intended...), Mackie discusses questions of consciousness and continuity of memory which, while philosophically interesting, are of less applicability to the idea of 'online identity'.
Mackie also looks at the question of 'bodily continuity', which he (and Locke, Hume and others) have been reluctant to equate with identity. These days (Mackie says the chapter on personal identity was largely formulated in the late '50s...) we might be tempted to talk about how all the cells in the body are replaced every few years, or bring in discussions of cloning.
This is ironic, of course, in that now more than ever we are tempted to regard biometrics as the next big step in secure authentication. However, it is rational in the sense I've referred to earlier in this blog: that assertions of (physical) identity are only practically useful in that they allow us to establish a relationship to something else, namely some past action. So Mackie's focus on 'action attribution' is very useful.
In assertions about credentials, we are attributing to the credential-holder the action of having 'proved' their identity at a past registration/enrolment event. This authentication step is usually a precursor to retrieving other records about that individual, such as banking transaction history, immigration records and so on, which are further instances of 'action attribution'.
Admittedly I'm cherry-picking here... Mackie raises plenty of discussable topics which would take more time and space than I have, but his writing is so lucid I can only recommend you have a look for yourself.
Technorati tags:
Identity,
Philosophy
Posted by racingsnake
@ 01:00 PM GMT+00:00
London 7/7: suicide or not?
The Metropolitan Police, including the Anti-Terrorist branch, have just issued a statement giving the first details of their investigation since the bombings. Based on forensic evidence, their analysis is that the four perpetrators died in the blast. This raises several further questions and implications:
- All four bombs are now thought to have gone off within 50 seconds of each other regardless of location, which might hint at the use of timed (or centrally controlled) detonators; [though see Geoff's correction in the comments]
- In that case, if the bombs were still being carried, did the bearers detonate them, or submit to being blown up by someone else, knowingly or otherwise?
- If the bombs were still being carried, it might answer the question of how multiple devices could be on the tube for around 10 minutes without anyone raising an alarm about unattended items.
Finally, the suggestion that these may have been suicide attacks tends to adjust assumptions about the threat profile for the future, as that method has so grimly illustrated in the Levant and Iraq.
It also emphasises the importance of those future actions (social, political and so on) which will minimise the pool of willingly suicidal candidates.
Technorati tag: London Bombs
Posted by racingsnake
@ 04:24 PM GMT+00:00
Identity "metasystem"
There's some debate in the blogosphere about the term "metasystem" as applied to the identity infrastructure... here are a couple of thoughts:
1: "meta" ought to mean "about" rather than "combinatory"... a meta-language describes languages rather than providing a means of translating from one to another. However, skipping nimbly around my normal pedantry, let's acknowledge the common usage of "metasystem" as 'an over-arching system able to incorporate multiple types of architecture or technology'...
2: on that basis, it strikes me that there's an interesting analogy to be drawn between different identity systems and different Public Key Infrastructures (PKIs). Each PKI tends to be uniquely defined in terms of its 'root': in other words, the single certificate which you find if you trace any certificate chain back from the user. The certificates issued by one 'root' can't be validated by another. However, if you need to make two or more PKIs interoperate, there are two classic ways to do it: establishing a common 'root', or cross-certifying the two existing 'roots'.
Without going into the innards of it, I think this offers a way of looking at current "metasystem" arguments about identity architectures. The equivalent of "cross-certification" puts the onus on each existing implementation to ensure that it exposes an interoperability interface to the other comparable architectures/protocols. It's a perfectly valid approach, the only drawback being the increase in complexity as the number of cross-certifying parties increases beyond two. By contrast, the "common root" approach is closer to how I would understand a "metasystem" as I think the term is intended. This approach puts the onus on each existing implementation to include conformance to a single over-arching architecture or protocol.
As in the analogous PKI case, it might be that any such over-arching protocol would more naturally be 'held in common' on behalf of its stakeholders than 'owned' by any single stakeholder.
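To make the PKI half of the analogy concrete, here is a small structural model of the two interoperation routes described above. It is an added example, not part of the original post: the root and user names are hypothetical, a "certificate" is just an issuer/subject pair, and no signatures are checked.

```python
"""Toy trust-graph model of PKI interoperation.

Structure only: a "certificate" is an (issuer, subject) pair and no
signatures are checked. All names are hypothetical, constructed sample data.
"""
from collections import deque
from itertools import permutations

# Three independent PKIs, each with its own root and one end user.
ROOTS = ["RootA", "RootB", "RootC"]
USERS = {"RootA": "alice", "RootB": "bob", "RootC": "carol"}


def isolated_pkis():
    """Each root certifies only its own user."""
    return {(root, user) for root, user in USERS.items()}


def cross_certified(roots):
    """Cross-certification: every root issues a certificate for every other."""
    return {(a, b) for a, b in permutations(roots, 2)}


def common_root(roots, top="CommonRoot"):
    """Common root: one new root issues a certificate for each existing root."""
    return {(top, root) for root in roots}


def find_chain(certs, trust_anchor, subject):
    """Breadth-first search for an issuer->subject chain that starts at the
    relying party's trust anchor and ends at the subject.
    Returns the chain as a list of names, or None if there is no chain."""
    queue = deque([[trust_anchor]])
    seen = {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == subject:
            return path
        for issuer, subj in sorted(certs):
            if issuer == path[-1] and subj not in seen:
                seen.add(subj)
                queue.append(path + [subj])
    return None


def interop_cert_counts(n):
    """Extra certificates needed to join n PKIs: (full mesh, common root)."""
    return n * (n - 1), n


def demo():
    """Can a relying party validate bob's certificate in each arrangement?"""
    base = isolated_pkis()
    mesh = base | cross_certified(ROOTS)
    tree = base | common_root(ROOTS)
    return {
        "isolated": find_chain(base, "RootA", "bob"),
        "cross_certified": find_chain(mesh, "RootA", "bob"),
        "common_root": find_chain(tree, "CommonRoot", "bob"),
        # Relying parties that keep their old anchor gain nothing:
        "common_root_old_anchor": find_chain(tree, "RootA", "bob"),
    }


if __name__ == "__main__":
    for name, chain in demo().items():
        print(f"{name:24} {chain}")
    for n in range(2, 7):
        mesh, tree = interop_cert_counts(n)
        print(f"{n} PKIs: {mesh} cross-certificates vs {tree} under a common root")
```

With two PKIs the two routes cost the same; the gap only opens up beyond two, and the common-root route only works once relying parties adopt the new root as their trust anchor.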
Posted by racingsnake
@ 03:42 PM GMT+00:00
John Simpson's comments on London 7/7
I have huge respect for John Simpson as a journalist and communicator. Here's his comment on the events of last week:
John Simpson article on news.bbc.co.uk
Posted by racingsnake
@ 03:38 PM GMT+00:00
London 7/7: the next seven years
From the BBC news website today.
"Police are also involved in one of the UK's biggest searches of CCTV footage to see if there are any clues as to the identity of the bombers." (See my first entry on 7/7, below...). For any ID Card fans out there, I would just like to draw the distinction between "real time" face recognition as a form of biometric access control, and "retrospective" face recognition as a forensic tool. I'm comfortable with the latter, but think the former is still unrealistic and overkill.
A lot of the discussion now is about whether 7/7 was perpetrated by an 'imported' hit-squad or a 'sleeper cell' already in place. Bearing in mind the timing of this attack, so close to the announcement of London as the Olympic city for 2012, this will have a bearing on the prioritisation of future security measures. Is it a question of identifying and interdicting sleeper cells already in place now, of detecting and preventing their formation in the coming years, or of trying to seal the borders against subsequent 'imported' squads...?
Well probably all three, and more.
I can say now: I think that given the nature of the current terrorism problem and the possible remediations, it is over-optimistic to assume that the UK will no longer be a target in seven years' time. Is that going to result in the collapse of our way of life? I think not.
Posted by racingsnake
@ 02:58 PM GMT+00:00
London 7/7: what next?
It seemed to me at the time that the Bush administration's reaction to the New York 9/11 attacks reflected a major flaw in US foreign policy. Their conviction appeared to be that the appropriate response was (a) retaliatory and (b) military, and included no significant diplomatic adjustment. To my mind, that was an error of judgement which increased risk, rather than reducing it, and which eroded democratic values rather than safeguarding them.
-I still think that is the case.- I think that is an analysis which we can profitably apply to the UK today: a reaction based on retaliation and military intervention is unlikely to be either positive or sufficient. [I've rephrased this in the light of some valid comments from James and Steve, below]. Whatever the claimed merits of destroying identifiable cells of terrorist activity, the root causes can only (if at all) be addressed by systemic action: politically, diplomatically, economically and ethically.
Surely that is the most positive legacy we can inherit from the victims of London 7/7, Madrid 2004, New York 9/11 and decades of terrorism in Northern Ireland.
Posted by racingsnake
@ 08:57 AM GMT+00:00
What London is really for...
We're all wrong, it turns out. London is neither the Olympic City of the Millennium, nor the #1 target on the planet. It's a board game.
GPS Monopoly
A number of black cabs have been fitted with GPS trackers, and are being used as pawns in a giant, real-time game as part of the publicity for a new Monopoly edition. Players 'invest' in property around London, and get their rent payments depending on where the real cabs go.
The new playing pieces are strangely retro (already...!); they include a hamburger, a mobile phone and roller blades. Shouldn't that at least be a tall skinny latte, a Blackberry and a Segway??? And a jumbo jet... I mean honestly - think of the carbon footprint!
Posted by racingsnake
@ 08:24 AM GMT+00:00
London 7/7: Casualty hotline
Scotland Yard have now issued the following number for use by those worried about whether relatives may have been affected by today's bombings:
0870 1566 344
However, as Alan Burlison has noted in his comment, please only use the hotline number if you have already tried and been unable to make contact directly. They need the hotline to be available for genuine +last+-resort calls.
As that's an 0870 number, I'm not sure if it will work from outside the UK, but if you are trying from overseas, you would need to dial +44 870 1566 344 , where the "plus sign" is replaced with your country's conventional prefix for international calls. For example, in France you would dial 00 44 870 1566 344.
I +believe+ you will be more likely to get through if you use a land-line than a mobile.
Technorati Tag:
London Bombs
Posted by racingsnake
@ 03:41 PM GMT+00:00
London 7/7: Fatality figures rise
The Metropolitan Police are now releasing figures which put the number of those killed in today's bombings at more than 30. Most of the deaths resulted from the bombs in the underground system; the number of people killed by the bomb on a double-decker bus is not yet known.
Updated police figures
My earlier comment that the eyes of the security forces were (understandably) elsewhere is reflected in the Met's statement that 1,500 of their officers will now be redeployed from the G8 summit back to the capital.
Technorati Tag:
London Bombs
Posted by racingsnake
@ 02:59 PM GMT+00:00
London 7/7: More practical details
Here's a BBC page summarising the extent of disruptions and the police's recommendations.
BBC summary of travel disruptions
They note that there is not yet an emergency/casualty contact number. I'll watch out for it and post it when I see it.
Technorati Tag:
London Bombs
Posted by racingsnake
@ 02:31 PM GMT+00:00
Suspicious packages
I know this is after this particular horse has bolted, but it bears saying anyway.
On three occasions I've been somewhere where an unattended package or piece of luggage has been noticed in a public place (restaurant, train, office). On all three occasions someone alerted a member of staff, who promptly went over and picked up the package, opened the bag, &c.
Please, please... if you have to alert someone to a suspect package, tell them (in the same breath) that it's safer if they don't touch it. Remember: in this situation, you had the presence of mind to notice and act on something untoward. For whatever reason, the others around you did not. The safest assumption, therefore, is that they are less aware of what to do than you are.
Sad, but empirically true.
Technorati Tag:
London Bombs
Posted by racingsnake
@ 11:25 AM GMT+00:00
Update on Central London/Sun
A quick update: to the best of our knowledge, everyone in Sun's City office is OK.
Here is a link to the BBC article indicating where the explosions were. Russell Square is an area particularly highly frequented by tourists (British Museum, British Library, many hotels &c.).
I'm afraid I can't find an emergency helpline number, but if I do I'll post it as soon as possible. In the meantime, the mobile network in London is reported to be overloaded and BT say they want the fixed line network kept free for emergency use, so if you are trying to contact someone I suggest SMS (or email) rather than voice.
BBC article and map
Other disruption
You are likely to find that routes out of London are subject to extra security checks, so expect additional delays.
There are also suggestions from our travel people that the airports may be sealed off - so please review your travel plans and consider whether you have an alternative before you set off. Try and assess the relative risk of travelling versus staying put, and don't put yourself in unnecessary danger.
Technorati Tag:
London Bombs
Posted by racingsnake
@ 11:09 AM GMT+00:00
Bomb attacks in London
There have been several (around 6) explosions in central London this morning, most during the rush hour and all geographically in a band across North Central London.
So far two people are thought to have been killed and dozens injured. The city's public transport systems have been shut down and the emergency services have gone into full crisis mode.
Looking at the timing (huge international focus on the London Olympic bid and the G8 summit) and the pattern of attacks, I have to conclude that this is a co-ordinated terrorist attack. Most of the bombs appear to have been detonated in the underground (subway) system, in locations which could all be reached within 10-15 minutes from King's Cross station. King's Cross is the largest and most complex "node" on the system.
There's also the point that, with the G8 leaders at the other end of the country, someone may have felt that this was an opportune moment to slip under the security radar.
It will be interesting to see, over the coming weeks and months, whether the high level of CCTV surveillance in London's streets and subways can reveal anything about how the attacks were mounted.
Technorati Tag:
London Bombs
Posted by racingsnake
@ 10:14 AM GMT+00:00
The Real Stuff
It occurs to me (and I should have said it much sooner) that if you want to know how Sun's Identity stuff really works, you shouldn't be reading this blog. But then, you have probably figured that out by now.
The one to be reading is Pat's. There's always a link to it in my blogroll, but it's worth an entry in its own right. Pat has a unique insight into the technology, both at the standards/spec level and also in terms of the product which hits the street. He also knows what "spin" is, but I haven't caught him doing it yet!
Posted by racingsnake
@ 10:32 PM GMT+00:00
Identity at Schiphol Airport
Going through Schiphol airport, I noticed the fast-track through immigration, signposted "For Privium members only". Schiphol has had an iris-scan system for a couple of years now, approved in 2002 as a permanent option by the Dutch Ministry of Justice. They seem to have got several things right at least: the biometrics are there for one clearly-limited purpose, there's a direct benefit to the citizen, and the whole thing is competently branded as a desirable service.
There's no way the EU (let alone Europe) can be described as having joined-up policing, and until that Nirvana is attained, current nation-state borders seem to me as good a place as any to check credentials. [Note: I personally have no problem with airport security or national border checks. I like my air travel without excitement...]
At Schiphol, anyone who doesn't go through the Privium channel will still have to present some other appropriate credential, so it's a straight trade-off: queue and show your passport, or walk straight up to the scanner and let them see the whites of your eyes. (Well, the iris, but you know what I mean).
My caveats are:
- I have no data about what rate of take-up the system has attracted, but to give some idea, in 2002 Schiphol handled 40 million passengers, and there were 4,000 Privium subscribers (a penetration rate of 0.1%);
- I don't know whether the biometrics are used by the Dutch state for other purposes;
- I don't have any information about the accuracy rate of the scan technology;
- The system is not easy for wheel-chair users to use, because of the height at which the scanner is mounted;
- It's quite expensive... €99 per person for the basic fast-track credential. There's also a €119 option, with which you get business class check-in with participating airlines and priority parking next to the terminal.
In other words, the Schiphol example probably sheds light on many of the concerns raised about the UK ID Card proposals (bearing in mind that it is on a comparatively tiny scale).
Bottom line: does Privium show that biometrics can be introduced in such a way that the citizen perceives a direct benefit? Absolutely.
Does Privium prove that biometrics are a workable idea for mass-scale, general-purpose authentication? Probably not.
Technorati Tag: identity
Posted by racingsnake
@ 03:11 PM GMT+00:00
Sun at Microsoft's Tech Ed 2005, Amsterdam
I had a very enjoyable visit to Tech Ed 2005 in Amsterdam yesterday; many thanks to Kim Saunders (Director of Interoperability Programs) and Eleanor Davis for making me welcome.
I was there as part of a panel for a press conference on Active Directory interoperability. I was able to relate how positive our recent joint customer meetings with Microsoft (see earlier entries) have been. It's a lot easier to fix a customer's interoperability problems if you're talking to the people you need to interoperate with...!
Setting Sun on fire?
As well as the Active Directory Interop panel, I was able to catch the Keynote session in the morning. The highlight from a purely Sun perspective was seeing a nice rack of Sun hardware unveiled on stage by Andy Lees (Corporate VP, Server and Tools Business). It was there as part of a system management demo, to show the WS-Management specification in operation. The demo involved pulling the cooling fan out of one of the Sun servers, to show how that event could be centrally registered and dealt with.
The Sledge-hammer Approach...
I was a little concerned though... an earlier demo in the same Keynote saw some unfortunate vendor's network switch crushed on-stage with a sledge-hammer to demonstrate hot failover. There was also some stage-play earlier with a CO2 fire extinguisher. Thankfully neither of these tools was applied to the Sun kit!
With apologies for the poor image quality, here's a PDA-snap in which you can just about make out Sun's logo, "stage right".

Josh Cohen of Microsoft was there to make sure it went OK. He and my colleague Gerry Beuchelt worked together on the WS-Management specs.
Posted by racingsnake
@ 01:35 PM GMT+00:00