Robin Wilton's esoterica

I saw a rainbow today, and it occurred to me what an unlikely thing it appears to be. There it is, surrounded by fractal stuff like clouds, trees, rainfall, wind and so on, and yet it is a perfect geometric shape, delineated in a spectrum of colour which appears to be utterly unnatural. If I were an Intelligent Design proponent, presumably that's about as far as my investigations would need to go: the rainbow is something so clearly at odds with the rest of the observable natural world that it must be evidence of a higher designer. I find ID so intellectually alien that it's hard to know which objection to raise first, but I tend towards this one: anything which encourages someone to give up on scientific method because the thing under investigation "looks too complex to explain scientifically" is bad. If that's the approach we inculcate in our children, I think we are sowing their future with the intellectual equivalent of anti-personnel mines. There ought to be an international treaty against that. In Socratic Athens, it was grounds for hemlock.

Identity theft, in its various guises, seems to be all over the headlines today. I mean specifically today, rather than "these days": A Romanian couple are being sentenced in London for an eBay scam which ran for two years and netted an estimated £200,000. They apparently used a dozen or so fake IDs to help perpetrate the scam, which was a standard one of auctioning non-existent goods, then persuading the 'unlucky losing bidders' to send a money transfer for 'an equivalent item which we do have in stock'. Police raids in Cardiff uncovered a classic card counterfeiting ring, based on good old "dumpster diving" (or, as we know it, 'rummaging through the bin') for utility bills, bank statements and the like. If you still just bin your bills and statements, pleez, pleez buy a shredder and use it. It not only lowers your risk of ID theft, the resulting shreddings make an excellent addition to your compost heap. There are two ways you can use them: either just add a thick layer occasionally along with the garden waste, or bag the shreddings up in a black bin-liner and use this as an insulating blanket on top of the heap. The heat retention will help what's underneath break down more quickly. I do the same thing with twiggy hedge clippings which are too woody to go straight on the heap. Bag them up, put them on top of the heap as insulation, and after a year or so they will have broken down enough to be emptied out onto the compost. Finally, what's the difference between ID Theft and Brand Subversion? Not a lot. Both are pernicious, cost you money, damage your reputation and are hard to clean up. Clothing manufacturer Burberry has discovered this, as it has seen its signature black, red and tan check pattern spread like bird 'flu through a stratum of society it would sooner not be associated with. But if that design simply "is" Burberry to the majority of consumers, what do they do to reclaim it as the 'identity' they want? It's pretty tough, isnt' it? They can't just switch to a nice blue-green paisley instead, any more than Coca Cola could ditch the familiar red of the most recognised brand on the planet. By the same token: what recourse do you have, as an individual, if someone 'steals' your identity? They can't 'give it back to you' like they could a camera or a car, nor can they buy you a new one. Think what will happen when we all rely on biometrics: you can't be given another set of DNA just because someone forged your current credentials. I know biometrics tends currently to be portrayed as the be-all and end-all of authentication technology, but I have a sneaking suspicion that's a rather short-term view. We need to be thinking of biometrics as a technology with a shelf-life, and planning what to do if (when?) its effectiveness erodes over time.

US Supreme Court nominations, and indeed presidential ones, still look somewhat strange to us Brits. We don't see any of whatever goes on behind the scenes of our judicial appointments, and even in the case of political appointments (such as Tony Blair's choice of Lord Irvine as Lord Chancellor) we don't get the forensic dissection of every past speech and judgement which is the norm in the US. We are starting to get it with political party leaders... usually about whether a candidate ever smoked pot at university. I'm bound to say, in this day and age, for a national political leader to profess that they have never so much as taken a puff seems to me to set them apart from the experience of a very sizeable section of the population (if the statistics are anything to go by). It's entertaining to while away a few minutes thinking what other life experiences a future prime minister could forego without rendering him- or herself unsuitable for the job: employment? alcohol? sex? using a motor car? travelling abroad? going to church? What would we think about someone who had never done any of those things... and would we want them running the country? But I digress. Back to Ms Miers: given that it's normal to rake over every pronouncement a candidate has made, and given that (with no judicial experience) she doesn't have the back-catalogue of published judgements a more conventional candidate would have... wasn't it rather predictable that her record of advice in the White House would be the target of scrutiny? Perhaps her nomination was, how can I put it, "politically optimistic"?

Looking back through my blog, I think you'd be hard put to find many occasions on which I have wholeheartedly endorsed a policy put forward by our enlightened government. Partly that's because I tend to be struck by those policies which are absurd, inconsistent or just plain wrong. Partly it's because they seem to do a lot of daft things, or sensible things a daft way. Now there are proposals which have a lot of sense in them, to increase the teaching of foreign languages to primary-school children. The proposals are not perfect: for some reason the plans are restricted to 7 to 11 year-olds (why only start at 7, when most children will have been in primary school since the age of 5?). However, this is better than nothing, and could repair a deficiency in our education system which I think damages both the children concerned and our broader national interests. Learning additional languages is good. Learning them early is even better. Personally, I think 7 years old is already late: think of the readiness with which infants learn their mother tongue, and the way in which they take for granted the fact that some people around them speak a different language. I spent my first few years surrounded by English and Arabic, and apparently was as comfortable in either as a 3-4 year old needs to be (after all, at that age you're not exactly discoursing on the finer points of Renaissance needlework...). However, I was also aware of linguistic context: if my father spoke to me in Arabic (he's English, but was teaching Arabic at the time) I would always reply in English. Friends in mixed-language marriages have told me they have to be consistent about this: if one parent speaks, say, French to the children and the other English, they have to stick to that. Speaking the 'wrong' language (i.e. the one the child expects from the other parent) infuriates the child and they just stop listening. I've seen it happen. I am also convinced that learning another language early makes it easier for people to learn other languages subsequently. I'm afraid I forgot all the Arabic I used to speak as a toddler, but then started to learn French at the age of four because I was sent to a French nursery school. in Cairo. Then we came back to England. Guess what: no language tuition. I forgot the French too, through disuse. We moved to Belgrade. I picked up some Serbo-Croat because I needed it in order to make friends and buy sweets... I went to an American grade school. We started French lessons and it all came back again. At later schools I studied German and Russian (but forgot almost all the Serbo-Croat), and went on to take a degree in French. Actually using the languages, of course, makes them stick long-term, and for some reason I find these days that what I learn sticks for longer. When I started to travel on business, I tried to make sure I could at least say a few words in whatever it might be... Italian, Norwegian, Turkish, even if it was only 'hello', 'please may I have' and 'thank you'. I don't say that to blow my own trumpet, but I'm sure that an early start (and the resulting long-term familiarity with the concept of other languages) has made me confident about learning new languages, and that in turn makes it easier to do. People react better to you if you speak their language. In Turkey particularly, the surprised smiles I got for being able to reply to a greeting, or ask for stamps, really made the effort worthwhile. Conversely, I went to Spain on holiday without learning enough Spanish; we were staying some way from the tourist centres, and I have seldom felt as frustrated, embarrassed and generally 'unable to interact'. All of a sudden, it made "abroad" an unsettling and alien place to be, which is not a recipe for a relaxing holiday! That's why I think failing to teach our children languages makes life harder for them in the long term. In these times above all, we do not need generations of Anglophones who regard "abroad" as a frustrating, embarrassing, unsettling and alien place. We need them to be comfortable with other languages, able to interact confidently, and therefore able to understand and appreciate what makes another people 'tick'.

OK, I promise this is the last "I've just been to Singapore" posting... ;^) The flight takes about 12-13 hours, and as I went with Singapore Airlines there was a great choice of in-flight movies. They have a video-on-demand system with about 60 films and a lot of music as well. I don't like to over-burden the brain when flying (there's not much oxygen up there anyway), so I went for pretty standard block-buster fare: 1 - Batman Begins (Christian Bale, Michael Caine, Gary Oldman, Liam Neeson) Adequately-scripted re-hash of the genesis of the legend... though I'm starting to wonder how many times the franchise can stand another 'here's how Bruce Wayne's parents died' sequence. Michael Caine contributes a strangely down-market Alfred, and I don't think this was Liam Neeson's finest hour. However, Gary Oldman is very good as a young (pre-Commissioner) Gordon. I don't want to give any plot-spoilers, but there's an interesting and even vaguely plausible rationale for those 'fins' on the forearms of Batman's suit. If I was being catty I'd say they couldn't afford James Spader to play the suave but psychotic Dr Jonathan Crane. And can we please have no more films where characters outrun an exploding fireball in an air duct/lift shaft or whatever!?!?! That one is so old it's got a bus pass.
2 - Mr and Mrs Smith (Brad Pitt, Angelina Jolie) Good mindless shoot-em-up yarn, deftly squeezing the occasional joke out of the basic premise: husband and wife are, unwittingly, the top assassins for rival organisations. Umm.. guess who they get assigned to kill...
3 - Crash (Sandra Bullock ... ) Gosh, for all my attempts to stick to pulp, damned if this movie didn't make me sit back and think a few times (Metaphorically speaking. Singapore Airlines may have a great movie selection, but you still don't exactly get to stretch out). I like stories told this way... an overlapping timeline in which we see linked series of events from the perspective of different characters (Jackie Brown is another good one, but then Tarantino does this a lot). Crash turns a probing light on personal prejudices of various kinds (class, colour, race, culture etc.), including your own assumptions about the characters involved, and stings your conscience rather than bludgeoning it. Classy stuff. Sandra Bullock was probably the biggest name in the list, but there weren't any dud performances --- a strong cast.
4 - Hostage (Bruce Willis) Well-plotted thriller, with a solid performance by Bruce Willis, who ends up having to juggle a fiendish assortment of balls to get the right outcome from a hostage-taking. Visually opulent, too. These comments may or may not count for anything; you have to factor in the possibility that I enjoy worse movies than you... But I've seen my share of stinkers, and I can honestly say that these four flicks did keep me watching. On the one hand, I couldn't exactly walk out, but on the other hand, there were plenty of other channels available.

Some interesting blogging here from James McGovern, on 'what the Identity Conversation ought to involve'. Having spent over three and a half years trying to explain the interface between identity technology and identity requirements, I have to agree with a lot of what James says. The 'consumer' perspective on identity is one approach to the topic, but by no means exclusive or exhaustive. For better or worse, it's the perspective most often used to try and explain the concepts of identity, identity management and identity federation, partly because the consumer model of online transacting is one of which we all have first-hand experience. But to draw the analogy I often use... people tended to talk about e-commerce in terms of the retail consumer model (and for exactly the same reason); however, if you probe a little deeper, vendors and implementers alike will confirm that it's the B2B market which represents the greater volume and durability of traffic. In terms of identity management, catering to the requirements of the 'consumer' is always key, whether that consumer is acting in the role of citizen, retail customer, employee, tax-payer or whatever. But James' blog entry correctly notes the importance of attending to the corporate (or service-provider) side of the relationship too. And that's the point I want to bring out: assertions of identity always involve at least a two-party relationship, and usually a three-party one. Either you, as a service-requester, are returning to whoever issued you with a particular set of credentials (OK, let's resort to the consumer model again... you're a banking customer, presenting yourself at an ATM and authenticating yourself with a PIN issued by your bank), or you are using the credentials issued to you by one party to authenticate yourself to another: for instance, you present your passport to the immigration official of another country. What these transactions represent are multi-party relationships, over which assertions are made with varying degrees of trust. Those relationships are not technical ones, they are 'real world' relationships which often transcend the boundaries of any given technology implementation. That's why James is right to say that the identity architectures we implement need to be able to interoperate with other implementations; hence the Liberty focus on both openness and interoperability.

Being in Singapore last week also gave me an opportunity to find out a few interesting things about Hinduism. Preparations for the festival of Deepavali (Diwali) were well under way, with street lights being put up, temples being decorated, and markets selling garlands, jewellery, henna, clothing and so on. I visited the Mariamman temple, where one could simply remove one's shoes and walk in. There were signs to advise tourists of areas they should not go into, as well as donation boxes and the opportunity to buy a photography permit. Actually, the first time I went to the temple (Monday 17th Oct) it was closed. A sign on the door said "Closed for lunar ecplise - open again at 7:30 pm"). Probably the most striking thing about the temple in general is the tower over the entrance. It is covered with figures from the Hindu pantheon, all brightly painted and quite something to see. My first reaction was how dissimilar it is to anything you would see in a church... but then again, what about all those stained-glass windows we have? Inside, the most numerous statues where those of a female deity holding a green parrot. Later in the week, I had a taxi driver who was able to fill me in on some of the background. The deity is Shakti, also known as Parvati or Mariamman (hence the name of the temple). So, lesson number one, not only are there a lot of deities, they can also have multiple names. Lesson number two; the same deity often takes multiple forms, depending on where they are or what they are doing. With that in mind, this blog entry is going to be the merest glimpse of this fascinating kaleidoscope... Disclaimer: this is a complex subject, and there was huge scope for me to misunderstand or mis-remember what I was told, so any errors are entirely my own! Anyway, I also asked about Ganesha (the Elephant-headed deity who is probably the most familiar to non-Hindus), and here was what the driver told me. Shakti, who was the wife of Lord Shiva, wanted to take a bath in private. She formed a boy from clay and brought him to life. This was Ganesha. She instructed Ganesha to guard the entrance to her bathing chamber and not to admit anyone. Lord Shiva arrived and wanted to go in; unfortunately Ganesha didn't realise this was his, I suppose you would say, step-father, and so barred the door. Shiva, incensed, cut off the boy's head. At this point Shakti came out of the bath-house, saw Ganesha dead and was distraught. Men were sent into the forest to bring back the first animal they could find, which happened to be an elephant. Shakti took the elephant's head and used it to re-animate the boy, which is why Ganesha has the head of an elephant but the body of a human. Lord Shiva, realising what he had done and how steadfast Ganesha had been, decreed that Hindus should offer prayers to Ganesha before all other deities, and that if they only had time to pray to one, it should be Ganesha. My taxi driver also told me that he had taken part three times in the annual fire-walk at the Mariamman temple. Only men are allowed to do the fire-walk, though both they and women may undertake other penances, such as progressing around the temple courtyard by rolling on the ground. Apparently one may do a single fire-walk, but the custom is do to 'batches' of three. The fire-walk is preceded by a month of fasting and devotional study, the effect of which is to produce a feeling of detachment from worldly preoccupations. I asked if it hurt. Somewhat to my relief, he said it did. Or rather, that he felt the pain but was not troubled by it. Instead, he focused his thoughts on forgiveness for the wrongs he had done, and on gratitude towards his mother. I asked if his feet were burnt. Again, I was in a way relieved to hear that they were; relieved in the sense that the principles of 'fire and physiology' were not being warped here. However, he said that the resulting blisters only lasted two or three days. I'd love to be able to tell you more... but at that point we arrived back at my hotel.

Entries to this blog have been a bit sparse over the last week, because I'm halfway round the world at the moment, attending the Liberty Sponsors' meeting in Singapore. It's a tough job, I know, but they asked for a volunteer. It's very warm and rainy here, but fascinating. The Singapore approach to municipal bedding plants is also interesting: in England you get some begonias, daisies salvias and the like. Over here it's 20-foot palm trees, cannas and the fabulous Strelitzia or 'bird of paradise' plant.

In a characteristically oblique fashion, here's the UK Foreign Office press release about an accord recently signed with Libya about the UK policy of deporting undesirables. The Foreign Office has the unenviable task of communicating UK policy to other governments, no matter how unappealing the contents of the policy in question. That is partly why its diplomats have such a reputation for nuanced phrasing, once described to me as "the ability to tell someone to go to Hell in such a way that they feel they would benefit from the journey". In this press release, you'll notice that it's the Government which is said to have a firm belief that this is a good idea (not the Foreign Office or the Foreign Secretary, who are the ones who deal with other governments daily). The press release also skates proficiently around the main issue, which is the likelihood of harm to those deported in this way. The MOU is intended as a sop to the Courts, who are uneasy about sentencing anyone to be deported to a country where they are likely to face harm. The MOU "should enable the British Courts to allow" deportations. How generous that makes it sound. Of course, the British Courts and the UK Government have powers to deport undesirables already --- witness the deportation under the Immigration Act 1971 I referred to in a previous entry. However, it is also under international restrictions about sending deportees back to regimes where their human rights are likely to be infringed. Naturally those countries are often the ones which decline to be bound by the international restrictions in question... so how much attention they are likely to pay to a bilateral MOU remains to be seen. I don't think I would enjoy being a guinea-pig in that particular test. None of this addresses the other underlying question about this policy, which is that if you think someone is genuinely a threat to national security, and you're prepared to prosecute them on that basis, why on earth would you export them beyond the reach of your own jurisdiction and law enforcement?

I promised a bit more after my initial, rather rushed post of a couple of days ago. Here's a link to the Liberty Press Release about the new Policy and Implementation Guidelines. With its discrete Expert Groups for Technology, Public Policy and Business and Marketing, the Alliance has always recognised that a viable approach to fixing the business problems of identity depends on a lot more than technical specifications. I think it's also a symptom of having a consortium made up of 'user' companies and not just technology vendors. For some reason they won't let us only do the techie stuff... we have to work on how to put it into practice too. Mind you, that does also encourage a certain realism. After all, there's no point defining a constellation of specifications which are technically great but too complex to be put into productive use.

Well, The Independent newspaper appears to have woken up to the implications of the proposal to extend to 90 days the period for which a terrorism suspect can be detained without charge. If you remember, this is something the law enforcers asked Tony Blair to arrange, so that they have time to do things like look through hours of CCTV surveillance footage in search of evidence. Yesterday's front page splash in The Independent was partly prompted by the publication of a Foreign Office report comparing the UK proposals with the current status of similar legislation in other countries. It should not surprise anyone that the UK proposals are far harsher than anything they could find in the countries they surveyed. As I noted a few days ago, Home Office ministers trying to defend the proposals were even prepared to cite the measures in place in legal systems radically different from ours, such as France. The Foreign Office report presents Mr Blair with an embarrassing dilemma. It makes it abundantly clear that the UK proposals are way out of line with other democracies. Unfortunately for him, the only rational counter to that is to point out that the risk analysis in the UK justifies more stringent measures. Of course, he can't deploy that argument, because it would imply a causal relationship between taking the UK to war pre-emptively against a Muslim state, and the resulting increase in the terrorist threat against this country. That's a link which he would rather we did not think about. So to date, his only defence against the criticism that these measures are draconian is to bleat that "the Police will not be locking people up indiscriminately just because we introduce powers for them to do so". Of course, the fact that a police officer detained Walter Wolfgang under Section 44 of the Terrorism Act for the heinous crime of heckling the Foreign Secretary at Labour's party conference rather gives the lie to that, doesn't it? There is no way to avoid this conclusion: if these legislative powers are introduced, then not only will they be used, they will also be abused.

More on this later... in the meantime, here's the URL.

Drew's blog is already in my blogroll, but he's promising a couple of new entries on some specifics of the proposed UK ID Card implementation, and that's definitely worth a mention in its own right, because he knows what he's talking about. Here's the first one, on ID Cards and the NIR (National Identity Register). Actually that name (NIR) is a bit misleading, because the current proposals are for it to be a National Register of Credentials, Entitlements, Stuff About You and an Audit Trail, but obviously NARCESAYAT isn't a very catchy acronym. I just hope it doesn't mean something rude in Turkish or Armenian.

Further to yesterday's post, I understand that the Pakistan High Commission in the UK has also set up special services, both in its London office and at major (I assume UK) airports, for those trying to travel to Kashimir. I'm having some trouble getting at the High Commission's website , but here is a page with most of the relevant details of Pakistan consulates and so on.

My thoughts too are with those affected by the earthquakes around Islamabad and Muzaffarabad. I understand that many UK residents with families in Pakistan are heading out to help and to be with their relatives. Apparently the British High Commission in Islamabad has set up a desk at the airport to offer people additional information on arrival. The UK Foreign Office pages on Pakistan are understandably somewhat slow to load at the moment, so here is a copy of the information posted as of today (Monday 10th Oct 15:30 GMT): SUMMARY * A large earthquake on 8 October with its epicentre near Muzaffarabad in Azad Kashmir has caused widespread damage. There is extensive disruption to transport services in the region. Details are continuing to emerge. * We advise against all travel to the Federally Administered Tribal Areas adjacent to Afghanistan, including Waziristan and the Khyber Pass. We advise against all travel to areas where there are ongoing military operations. * We advise against all but essential travel to the Swat Valley in the North West Frontier Province (NWFP), northern and western Baluchistan, including Quetta, and the Sui/Dera Bugti area, and to all border areas except for official crossing points. We advise travellers against using the rail network in Baluchistan. * There is a high threat from terrorism throughout Pakistan. British nationals of Western origin are more likely to be targeted but everyone is at risk from indiscriminate attacks. Previous attacks against Westerners have included bombings and kidnaps. * On 22 September 2005, two small bombs in Lahore killed seven people and injured 36. * There is a high risk of sectarian violence throughout Pakistan. We recommend that you avoid places of worship and surrounding areas at busy prayer times. * Since mid-July 2005, sectarian tensions in the Gilgit area have risen sharply and have included violent attacks. You should only travel to Gilgit by air, and avoid the centre of town. Road travel direct from the airport north to Baltistan and the Hunza valley is possible. Caution should be exercised when travelling by road along the Karakorum Highway (KKH). You are advised to join a police guarded convoy and travel in daylight hours on the KKH. * There is also a serious risk of criminal violence, especially in Karachi. You should be very careful about, and confident of your personal security arrangements throughout your visit. * For more specific local security advice about the cities of Islamabad and Karachi you should contact the Consular sections in the High Commission in Islamabad and in the Deputy High Commission in Karachi respectively (during office hours: GMT +5 hours - contact details below). * If you or your father were born in Pakistan you might be considered by the authorities to be a Pakistani national even if you do not hold a Pakistani passport. In such circumstances, the British government might be prevented from providing the full range of consular assistance. * You should obtain comprehensive travel and medical insurance before travelling. You should check any exclusions, and that your policy covers you for the activities you want to undertake. If you need to keep informed about earthquake activity around the world, this site has clear and useful maps of historical data, and an email alert service you can sign up to. There are also different maps and data (as well as another route in to the USGS pages here at the Edinburgh Earth Observatory site.

Thanks to Horst Thieme for the pointer to this Danish site . Beer, brewed under Creative Commons on an open source basis. Oh, those crazy Danes.

Note: "Vores Oel" means "our beer". Asking for "Øl" (pronounced the way an Englishman would say "earl") sounds like you want lubrication. Which, in a way, I suppose you do. After all, I think our friends in Oz refer to it as neck-oil. ;^)

Following on from my previous post: two things about the current UK anti-terror legislative proposals still need to be called out as unacceptable. Both relate to the proposal for detention without charge for up to three months. First, let's not forget that the government has already had to revise previous proposals for detention of terrorism suspects: this Guardian newspaper article is a handy reminder for those of us whose memory of these things fades ever more rapidly. The proposal for suspects to be detained for up to 90 days without charge remains unchanged, and still represents the undermining of a fundamental principle. Second, the current proposal is being justified on the grounds that "in France and Italy, for example, people can be detained for up to four years without charge". Now, I am open to any legal advice or opinion on this one, but I think this is a misleading and bogus argument. The fact that something is done under another country's jurisdiction is no reason to assume that it should be done under ours. Will the government soon be bringing forward proposals for thieves to have their hands amputated, or adulterers to be stoned to death? Not that I'm implying that either those would happen under French or Italian law. On the other hand, as I understand it both French and Italian law have a preliminary stage to a prosecution in which 'a dossier is opened', and an investigating magistrate starts to look into the basis for the charges. That phase can go on for some time, and may or may not result in a prosecution, but I don't believe the subject of the investigation is necessarily detained during that time. The Napoleonic code is renowned for having no presumption of innocence (sometimes phrased as "guilty until proven innocent"). That is probably the single most significant difference between our legal system and theirs. That is a difference which the present government seems regrettably determined to erode.

Three weeks after proposing the creation of a new offence of "glorifying terrorism", UK Home Secretary Charles Clarke has revised the original proposal. Now, someone 'glorifying' terrorism would have to "intend to incite" further acts of terrorism in order to be committing an offence. The way Clarke phrased this was "make a statement glorifying terrorism if the person making it believes, or has reasonable grounds for believing, that it is likely to be understood by its audience as an inducement to terrorism". I think there are still two problems with this: first, I find it hard to see what proof a law enforcement officer is going to be able to offer in support of a claim of "intent to incite", and second, the qualification of "reasonable grounds for believing" once again shifts the liability for commission of an offence away from the "inciter" and onto their audience. That seems to me to be both subjective and similarly hard to prove. There is also a strand of the legislation aimed at creating "powers to close places of worship used to foment extremism". I think this is another worrying development, but I am not sure what the appropriate legislation would be. It's worrying because it seems to me to take that undesirable step of closely identifying a specific religious community with equally specific anti-terrorist measures. Bluntly: it is hard to see this as anything other than a measure aimed at radical Muslim clerics. I instinctively mistrust that as a basis for drafting any law.

As Masood notes, the Muslim fasting period of Ramadan has just started. He also linked to this factual but entertaining article about the practice of Ramadan in the UK. This year, perhaps more than most, I think this is an opportunity for non-Muslims to understand and appreciate a little more about Ramadan and what it signifies. A lot of Christians I know find Lent quite a challenge. I wonder how they would fare under a Ramadan regime! And if you have Muslim co-workers who are observing Ramadan, maybe this is an opportunity to ask about what it's like for them, why they willingly undergo something which we might balk at, and whether there's anything you can do (or not do) to make it more bearable!

Wow. As if the natural disaster and its immediate aftermath weren't enough to cope with, New Orleans now has to struggle back to its feet with a halved city admininstration... and 3,000 more on the dole. I know little or nothing about the relationships between elements of the US City/County/State/Federal structure (beyond the fact that this episode has revealed some of the huge complexity of it all), but even taking that into account, this seems such a counter-intuitive way to go. OK, there must be some City Hall functions which are redundant (I can't imagine there's a huge demand for traffic wardens [meter maids] currently...) but surely there are other areas where they need all the hands and minds they can get? There must be a better way...

Hmmmm. A colleague pointed me to this interesting perspective on open standards in the Identity world, on the 'Roadmap' page for Apache's TSIK project. I know the Liberty Alliance is a shy, modest and essentially secretive organisation, but it does put out the odd snippet of press and PR information occasionally, so even if you don't get hit by it accidentally it doesn't take much application to find out about it. Specifically, it's very hard to go far beyond www.projectliberty.org without tripping over the Alliance's commitment to open standards. The adoption of Liberty ID-FF specs as OASIS' SAML 2.0 would seem to me to illustrate that as clearly as possible. The Apache website notes that TSIK started out as a Verisign closed-source project. I wonder if any of my Verisign collaborators at Liberty are aware that ID-FF and ID-WSF are not among those the TSIK team considers to be "based on open web services standards". Perhaps someone should have a quiet word......

Several good articles in the current issue of Information Age, not least on the incipient revolution on software pricing. But more of that later. There's also an article on the Identity Management 'landscape', so naturally that one gets priority. It's billed as a 'Sector Profile', and the author, Pete Swabey, does a good job in that regard, giving a fly-by of the vendors and Gartner/IDC analyses. The detail is good too; here's a subset of the points he makes which happen to resonate with my own experience:

• The 'frontier' of complexity in IDM is currently around adapting policy- and role-based mechanisms to the intricacies of a dynamic business;
• Regulatory compliance is a significant driver for auditability and therefore IDM;
• Federation has a significant role to play;
• Humans are not the only entities with identities which need to be managed;
• IDM can be as much about physical access and device provisioning as it is about authentication and password management.

There are also some implied points which it would be inaccurate to attribute to Pete, but with which I suspect he might agree. For instance, a couple of his contributors note that HR departments are often the point at which information about a user intersects with information about IT resources (particularly in role-based setups, I would suggest), but then go on to note that the HR department should not necessarily 'own' the digital identities as a result. I would go further and suggest that responsibility, accountability and even liability for digital identities and their use should rest with an employee's business unit --- even if, as is often the case, the 'definitive source' of information about who is an employee does indeed reside in an HR repository. There is a nice section showcasing Liberty, federation and the importance of identity management in the context of web services. Pete correctly draws out the aspect in which I think Liberty is recognised as having added particular value, namely the implementation and policy-related guidelines which supplement the technical specifications. These guidelines illustrate best practice and address concerns such as regulatory compliance, data 'ownership'/custody, liability questions and so on. To my mind, that's one of the reasons why Liberty is still such a groundbreaking enterprise. The article closes with a few remarks on infrastructure vendor lock-in, which is where I would again diverge slightly from Pete's analysis. I think there are two relevant counters to such lock-in tactics: first, the whole notion of federated identity, particularly with web services, tends to decouple the 'service delivery' platforms from the 'identity' platforms. Second, there are the principles of open standards and interoperability, which Sun and Liberty both propound. I think customers are genuinely starting to trust in the ability of open, interoperable products to deliver the benefits which are claimed for them. My own view (as a vendor employee) has always been that the best (if not always the most restful!) way to lock your customers in to your products is to keep delivering added value.

Well, in a piece of brinksmanship the likes of which we haven't seen since the Cold War, the Turkish delegates appear to have judged things to a nicety. Austria, the lone dissenting voice opposing the start of long-promised accession talks for Turkey, finally withdrew its demands for them to be offered everything short of full membership. The talks can now begin. Some of the comments which accompanied the agreement focus on the fact that Turkey will be the first Muslim country in the EU --- though Turkey has been a secular state for almost 100 years, has a constitution which establishes freedom of religion, and a legal system derived from the European model rather than Sharia law. But to my mind, that's not the real point. Most of the existing member states have a Muslim population of some kind, and are increasingly aware of the niceties of Islam and Muslim culture. No, the real point is that this opens the door to a Turkish presence at the negotiating table, which, as the Austrians have just found out, is going to add a whole new dimension to things. In my experience (and let me qualify this by saying that I mean it in the most affectionate way: all my visits to Turkey, whether for business or pleasure, have been thoroughly enjoyable) there are two things about transacting with a Turk. First, don't even think of trying to out-negotiate, out-haggle, or even out-play them at backgammon. Second, the word 'byzantine' doesn't have its current connotations for nothing: it often seemed to me that my Turkish counterparts would do business any way except simply, and that a deal was only worth winning if it was thoroughly convoluted. I have a sneaking feeling those Brussels Eurocrats are only just starting to suspect what lies ahead of them. (The BBC article notes, rather ominously, that even the talks are expected to last up to ten years...). The Turks, on the other hand, must be eyeing the Brussels power structures with the same sort of gaze a child reserves for a brand new adventure playground. It could even promise to be quite a spectator sport. We're unlikely to see anything quite as entertaining in Brussels until the accession of either the Armenians or the Lebanese, both of whom, in my opinion, can give the Turks a run for their lira in the negotiating stakes.

This quote came out during one of our round of analyst briefings last week. When I've had a reply I should be able to attribute it ;^) "Functionally, there's no substitute for [Liberty] ID-FF. There are some things out there which claim to be, but they're not".