Robin Wilton's esoterica

       
 

Holiday thoughts


It is, as my uncle used to say, a Funny Old World. Believe me, when he said it you could hear the capital letters. He would then pause reflectively and (after a suitable interval) go on: "Makes you wonder, sometimes, what it's all about". Say what you like about eternal verities, but that's not a bad stab at one. I've seen stone tablets with less useful stuff chiselled into them.

So first - Merry Christmas, if that's what you celebrate. Apparently it's a bit politically incorrect to 'presumptively' wish people Merry Christmas, but the way I see it, if someone wished me a Joyful Diwali, or Festival of the Autumn Moon - or Lesser Badger's Day, come to that - I would be grateful for their good wishes - and in no way insulted by any notional implication that I shared their beliefs, so there you go.

If your beliefs about this time of year are purely fictional, then Happy Crimboween or Hogswatch...

Second musing; it struck me again recently that I find the concept of intercession an odd one... that is, the idea that one might pray for a third party such as a saint to, as it were, arrange things on one's behalf, or the notion of praying 'especially' for one group of people rather than another. The word 'especially' seems to crop up a lot in Church of England intercessions, as in "we pray at this time for those who govern our country... especially the royal family/prime minister/etc...". Is this along the same lines as 'charity begins at home', I wonder: "I don't mind other heads of state getting their quota, but please God, do our lot first. They do queue awfully politely, after all."

And on Christmas Eve I heard a vicar say: "Let us offer our prayers for x... especially [there it is again] in this most sacred month". Which made me wonder... is December the most sacred month? I suppose it's hard for Easter to be a factor, as one's never quite sure which month it's going to be in, but then again, it raises the inevitable question... which is the least sacred month?

I'd vote for February, personally - can't stand it generally, but just as I don't really see why people I know better should get prioritised prayers, so it seems a bit harsh to consign February to relative profanity while trumpeting the sacredness of December.

All in all, it may be a Funny Old World... but it would be a darned sight odder one if I were a vicar, I am forced to conclude.

So although in 2007 you may find yourself wondering, sometimes, what it's all about, I hope the year brings you peace and happiness.

 
 
 
 

Richard Veryard on ID Theft


Belated link to a good post by Richard giving various perspectives on ID Theft. Richard is (among other things) the author of a blog called POSIWID - a superb acronym which stands for "Purpose Of System Is What It Does".

Fittingly, one of the topics he mentions is the use of Social Security Numbers as an index to national identity schemes - something which is apparently being considered in the UK. As he points out - SSNs are not secret values. In fact, they are not even credentials; they are at best an unsecured attribute which is, essentially, in the public domain. The problem is that, as usage in the US amply illustrates, service providers become accustomed, over time, to treating this non-secret value as a reliable substitute for credentials. Hence POSIWID... the Purpose of the System becomes What It Does, which may well not be What Was Originally Intended.

This one's for Max...


I got a very gracious response to my uncouth 'tagging' in the previous blog, but I'm not going to push my luck. Masood Mortazavi says he was about to tag me, but saw he'd been beaten to the punch. So in the spirit of compromise, here are five more priceless nuggets, but I'm not going to tag another five people.

1 - the MI6 defector Kim Philby absconded from Lebanon while we were living there;

2 - in Egypt, I went to a primary school run by nuns (all schooling was conducted in French);

3 - in Aden, my playmates and I used to get around the curfew by putting ladders up against the adjoining walls and sneaking over to play in each other's gardens;

4 - in Yugoslavia a favourite place for a bit of fresh air was the hill (about 20km from Belgrade) with the Avala telecommunications tower on it. This installation was hit by airstrikes on Serbia, and its bombed-out wreckage is visible today on Google maps;

5 - in Kuwait, a favourite place for a bit of fresh air was Matla Ridge - later to become the site of the notorious 'turkey shoot' against the fleeing Iraqi army. Somehow I doubt it is a very healthy place to walk around these days.

Is it just me, or do I seem to have left a trail of war and desolation in the wake of my childhood?

 
 
 
 

Damn. I got 'tagged' by Gerry Beuchelt.


Apparently (I wouldn't know, I am one of the less meme-conscious people on the planet) there's a thing going round where you tag five people, and they have to list five things about themselves that not many people know... and then continue the viral pyramid. I'm not even sure that's a real shape.

So here goes:

- In the course of my childhood, I lived in Lebanon, Egypt, Aden (now South Yemen), Yugoslavia (now the FRY), Kuwait and Saudi Arabia;

- My father has two knighthoods: a KCMG and a KCVO... both conferred on him on board the Royal yacht, Britannia;

- One of my favourite words (thanks to Eve Maler) is apophasis - though I wouldn't dream of admitting it;

- At university I once had a philosophy tutorial on the top deck of a double-decker bus;

- I used to learn the French horn. That's an instrument, not a technique.

Okey-dokey; now I have to tag some poor unfortunates. I'm guessing that there's not much point picking non-bloggers, so here goes. I'm going to go for:

- James Governor (Redmonk)

- Jerry Fishenden (Microsoft)

- Toby Stevens (EPG)

- Alec Muffett (Sun)

and, hell, I'm going to go for it and pick

- Michelle Dennedy. There's something irresistible about tagging your Corporate CPO for 5 little-known facts.

Over to you, folks...

 
 
 
 

Centralised UK ID Cards Register to be scrapped


I hope you weren't planning to take a break over the next few days... because the Home Secretary has some home-work for you.

Here's your Christmas reading -

- BBC article reflecting the announcement that the centralised NIR plan is to be scrapped in favour of a federation of three existing databases;

- the newly-published Strategic Action Plan for the National Identity Scheme.

This comes immediately following yesterday's announcement that patients will now be granted the opportunity to opt out of having their health records transferred (with or without their consent) to a centralised National Health Service database.

The phrase 'U-turn' is over-used in political commenting, but I would be greatly encouraged if these 'course adjustments' turn out to represent a fundamental change in the government's policy on citizen control and consent where identity data is concerned.

Well, I'm entitled to a Christmas wish, aren't I?

 
 
 
 

More opinions than commenters


A little more on the (cancelled) BAE/Saudi arms deal investigation. I should stress again (though it will be obvious, from the fact that the investigation has not been allowed to complete) that I have no idea what the facts are behind the fraud allegations, and whether or not anything illegal took place. That said, here are a fistful of comments from the BBC's article on the story. They include most perspectives, including two from the Attorney General's office:


The Attorney General himself:

Lord Goldsmith said he felt the Serious Fraud Office inquiry would not have led to a prosecution.

The Law Enforcer:

SFO head Robert Wardle said he had "a different view" to Lord Goldsmith.

Mr Wardle told the Financial Times newspaper: "There is no guarantee that charges will be brought until you've completed an investigation."

The Lib-Dems:

Liberal Democrat peer Lord Lester said Britain had to move quickly to change the law to stop political interference in corruption investigations.

"What is so serious here is that the rule of law is threatened and the reputation of the office of attorney general when there is outside political interference of this kind."


The Campaigner:

Explaining why his group was taking legal action, Nicholas Gilby from Campaign Against the Arms Trade said the SFO should have been allowed to complete its inquiries.

The Attorney General's office:

... said it was unable to comment on "hypothetical" legal situations such as the possibility of action by campaigners.

Unless, of course, the hypothetical situation was whether or not the SFO inquiry would have led to a prosecution.

Once again, the justification of government policy seems to rest on the most hair-splitting semantic manipulations. The attorney general has to maintain that antagonising the Saudis to the point where the UK lost the deal is 'contrary to national interests', but cannot say that those interests are commercial or economic ones. If he does that, he will fall foul of EU law. So he has to claim that the threat is to the country's security interests... in that losing the Saudis as a regional ally will increase Britain's exposure to the international terrorist threat.

In other words, the terrorists have succeeded in forcing the Attorney General to adopt a policy despite the law, rather than in conformance to it.

 
 
 
 

Can you smell... whitewash?


I have no idea what truth lies behind these headlines, but they make intriguing reading, especially in date sequence:

19 Oct 2006: Probe into BAE arms deals widens

The Serious Fraud Office (SFO) has widened its investigation into corruption allegations at UK defence giant BAE Systems.

1 Dec 2006: Paris 'threatens' BAE Saudi deal

French and Saudi officials are in talks over the sale of Rafale fighters, planemaker Dassault has admitted.

14 Dec 2006: Fighter aircraft fraud probe ends

The Serious Fraud Office has ended its corruption inquiry into a £6bn fighter planes deal with Saudi Arabia.

"Attorney General Lord Goldsmith said the SFO was "discontinuing" its investigation into Britain's biggest defence company, BAE Systems.

The probe had related to the Al Yamamah arms deal with Saudi Arabia. BAE has denied any wrongdoing.

Lord Goldsmith told the Lords he thought that a prosecution "could not be brought".

He said the decision had been made in the wider public interest, which had to be balanced against the rule of law.



Lord Goldsmith also said that Prime Minister Tony Blair had agreed that the continuation of the investigation would cause "serious damage" to relations between the UK and Saudi Arabia.

Job fears

It emerged earlier this month that French and Saudi officials were in talks over a possible alternative deal, which could scupper the BAE sale.

The Saudi government was reported to have been angered by the SFO investigation into allegations of a slush fund for members of the country's royal family."

 

So to recap:

- Huge armaments deal comes under investigation for alleged fraud;

- Customer (Saudi Government) says the deal is at risk because the investigation is offensive;

- Competitive French aerospace deal emerges as a viable alternative, should the UK deal be rejected;

- The investigation is halted because a prosecution "could not be brought" because of the 'balance' between public interest and the rule of law.


Those lines don't seem to leave a huge amount of room for reading between: "if there's a risk of (a) losing 6bn, (b) offending the Saudis and (c) - horror of horrors - losing the deal to our French neighbours, then the rule of law takes a back seat". It all just seems a little... well, blatant.


Incidentally, the leader writer of the Financial Times appears to favour a similar interpretation, describing the U-turn as a 'damaging' one which 'should cause dismay', and the attorney general's justification as 'specious'. This may be a reference to the claim that 'damaging UK relations with the Saudis effectively threatens national security'.

I used to think that maintaining national security while doing things of which other governments don't approve was the reason we have professional diplomats in place (one definition of a diplomat being "someone who can tell you to go to Hell in such a way that you feel you would benefit from the journey"). But then again, that would require that the government takes notice of the views of those professionals.

 
 
 
 

Joined-up government, or mass data breach?


There's a storm brewing between Local Authorities and their employees, on the one hand, and the Audit Commission on the other. It centres around an existing programme called the National Fraud Initiative (NFI), under which Local Authorities have had a regulatory responsibility to let the Audit Commission know the names of employees. However, the NFI was extended recently to include a requirement for Local Authorities to include the bank account details of all employees as well (account numbers and sort codes). 

The banking details are compared against benefit claims in order to identify possible cases of benefit fraud.

It's hard to know just where to start with a Data Protection/Privacy analysis of this scenario, because almost every rock seems to have something unpleasant under it.

For instance; although Local Authority employees' bank details are subject to this reporting requirement, my bank details (as a private sector employee) are not... so is someone, somewhere, starting with the assumption that local government employees commit benefit fraud and commercial sector employees don't? That sounds fairly dubious. Not that I do commit benefit fraud, you understand.

Then again, as someone who shares a joint bank account with my spouse, isn't there something odd about the idea that my banking details are being passed around from one third party to another without my knowledge or consent?

Ah, well - you may say - the Data Protection Act has exemptions in it for law enforcement access... surely as this is fraud prevention, it must be covered by an exemption? I don't think so. Even law enforcers, when claiming an exemption under Section 29 of the Act, have to specify whose PII they wish to inspect. They are not allowed to conduct loosely-specified "fishing" enquiries. "Send us all your employees' bank details" sounds like an open-ended trawl to me.

Another point is that only certain public sector employees are subject to this requirement; it covers local government and the health service. It does not, for example, include the armed services, central government departments and (as mentioned above) any private sector employees... including agency staff working on contract to local government and health service employers.

The personal details in question are not actually processed by the Audit Commission -  they go to a commercial company. I have no information about what measures that company takes to protect my PII, or about how to exercise any of my rights under the Data Protection Act (such as the right to ask what they're doing with it, how long they will have it for, whether it's correct, how they will dispose of it, and so on).

So let's recap some of the salient points:

This policy manages to be both a 'fishing' exercise and discriminatory, which is quite an achievement. It grants one subset of public sector employees fewer data protection rights than other directly equivalent public sector employees, fewer rights than contract staff working for the same employer, and fewer rights than private sector employees in general;

It is justified as a fraud prevention measure, but does not account for the fact that all those other categories of employee (not subject to the disclosure) represent as probable a source of fraud as the subset who are affected;

It fails to safeguard the data protection rights of anyone who shares a joint bank account with one of the affected employees, including of course people who don't even work for the employer in question.

All in all, it's hard to view this as a shining example of best practice in data privacy and data protection. It's all the more worrying when you consider that the government's MISC31 Committee on Data Sharing in the Public Sector would apparently like this to be the way all public sector bodies treat our personal data... and when you recall that the government's own view is that our privacy interests are well served by aggregating all our identity data into a single National Identity Register.

Revocation... woah oh oo-oh, revocation's what you need...


An interesting news item this morning concerning the UK's Child Support Agency (or rather, its proposed replacement, the Child Maintenance and Enforcement Agency - the CSA now being recognised to have failed).

A White Paper by the Work and Pensions Secretary, John Hutton, apparently includes provisions for the CMEA to confiscate the passports and driving licences of payment defaulters, without having to apply to a court in order to do so. Isn't there something bizarre about a situation in which the CMEA is in a position to physically locate a defaulter and confiscate their passport and driving licence, but somehow cannot garnishee funds from that person's pay packet or bank account? I also wonder who will actually lay hands on the documents in question... would the CMEA have to bring a policeman along, or would they take on some kind of bailiff-like role and seize the papers by force?

Given the practical difficulties which seem to me to beset that approach, I would not be at all surprised if the proposal morphed into one whereby the CMEA is simply able to revoke these credentials without actually having to get physical possession of them.

Now, I don't condone the behaviour of parents who have been judged to have a maintenance responsibility for their children and seek to avoid it -  but three things about this proposal strike me as deeply worrying:

- First, the CSA did not exactly shine as an example of bureaucratic best practice; if the CMEA takes on any of the CSA's legacy, there must be a substantial chance that the wrong people will find they are no longer allowed to cross borders or drive a car. I'd be interested to know what measures are in place to stop 'false positives' like this, and what redress someone will have if they find themselves in such circumstances.

- Second, the lack of judicial oversight ought to cause grave concern - not least, it seems to me, because under this proposal, the CMEA would be 'reaching out' into the remit of completely separate agencies (the DVLA and the Passport Agency) and effectively barring the use of credentials issued by those other agencies. For that to happen without any reference to legal arbitration seems deeply dodgy to me.

- Third, this paints a pretty bleak picture for the future, in which (if government adoption plans are to be believed) driving licences and passports fall behind biometric ID cards in terms of reliability and pervasive usage. It's a small step from confiscation of a driving licence and passport to revocation of an ID card.

"Your 'licence to be' has been revoked, Mr Allitnil."


Finally (I know I said three things.. but I always like to give good value... ;^) there's the Prime Minister's extraordinary comment on this issue, which really gives me cause to ask if the pressures of the job aren't getting to the poor man.

"The truth of the matter is, whatever reforms we have put into the Child Support Agency, they have not worked," he said.

"It is extremely difficult when the agency is being asked to chase relatively small sums of money from people who don't want to pay in circumstances where the mother often doesn't want that to happen either."

So let me get this straight; Mr Blair envisages circumstances where someone who doesn't want to pay is being told to pay 'relatively small sums' to someone who doesn't want payment... and the appropriate course of action is for a third party agency to be given extra-judicial powers to seize the credentials issued by separate government agencies.

I wonder, I really do... 

 
 
 
 

US data privacy dashboards


I've been made aware of some interesting resources compiled by the Center for Democracy and Technology (CDT) in the States. They have created a snapshot of the applicable privacy and access provisions relating to personal data, arranged by data type (healthcare, financial, video rental and so on) and data protection principles (notice of collection, purpose of collection, retention period, etc.).

They've drawn up two 'dashboard'-style tables; one for commercial access, and a second for government access. Naturally their analysis is US-centric, but it makes very interesting reading. For instance, non-US readers might be surprised to know that there is actually more regulation of data about Americans' cable viewing behaviour than when it comes to their financial and credit card records (something which I suspect may have more to do with Robert Bork's video rental history than any more rational prioritisation - pace Sect.215 of the Patriot Act).

Anyway, for your perusal, here's the 'Privacy Guidelines' page at the CDT site, and here's their home page, where you will find links to lots of other thought-provoking material.

 

The CDT's current Policy Director is Jim Dempsey, co-author of the following book:

"Terrorism and the Constitution: Sacrificing Civil Liberties in the Name of National Security" 

Radio 4 - The Christmas Repeal


A novel idea from Radio 4's Today programme this Christmas; they are polling to see which law listeners would most like to see repealed. 

As a first phase, they are collecting entries for a shortlist via this nomination page. The shortlist will be published on December 22nd, whereupon there will be a vote. The most unpopular law will be announced on New Year's Day.

I'm genuinely fascinated to see what gets nominated... will the ID Cards bill make it onto the list? What about the (effectively) unilateral extradition treaty currently in place between the UK and the US? Or 28-day detention without charge... apparently soon to be re-submitted in its original 90-day form? Maybe it will be the Serious Organised Crime and Police Bill... which makes every offence an arrestable one, and thereby (incidentally) enables the police to make a permanent DNA record of anyone so arrested, whether or not they are subsequently charged with anything. Perhaps the MISC31 Committee's recommendation on Data Sharing in the public sector could qualify - though as this policy recommendation appears to simply bypass the law-making process, that would have to go down as an outside chance at long odds.

On reflection, maybe the biggest challenge for the Radio 4 panel will be whittling it down to a "short" list.

 
 
 
 

If there's one thing I can't stand, it's intolerance...


This raised a laugh (well, a smile, anyway) in the headlines today:

Tony Blair warns immigrants to the UK: "Tolerance is what makes Britain... so conform to our society (or else)..." 

 
 
 
 

Extended biometrics piloted at Heathrow


Heathrow, Dubai and Hong Kong are piloting an extended passenger biometrics system which will partially automate check-in, security and boarding for passengers travelling between Heathrow and those destinations.

Although from the details I've seen, registration for the new miSense system will share the same office as the recently-introduced Iris system, the two are separate projects.

miSense is run by IATA, which is an airline industry association (and incidentally, not to be confused with ICAO, which is a UN agency). If you remember, a number of national governments, including our own, have said that "biometric passports must be introduced because ICAO says so...").

The stated aim of the miSense project is 'to simplify passenger travel while maintaining high standards of security'. Interestingly, the strap-line on IATA's home page says "We represent, lead and serve the airline industry". I wonder which set of interests wins out in a fight... the airlines' or the passengers'...

As far as I understand it, there are three linked parts to the project:

- miSense; automated authentication at check-in, security and boarding, based on a linkage between your index fingerprint and your passport (created at check-in time);

- miSenseplus; an equivalent fast-track of passport control between the three participating nodes (with Heathrow as the hub);

- miSenseallclear; a pilot of Interactive Advance Passenger Information (iAPI), involving the real-time exchange of passenger data between airlines and governments.


Some interesting points to note:

- while miSense is entirely 'self-service' (i.e. it does not involve verification by a third party that the finger used to register is the finger of the person described by the accompanying passport), miSenseplus does involve a verification element in the registration phase. miSenseplus registration captures the passenger's facial and iris biometrics, and all ten fingerprint biometrics (in other words, the expected components of an ID Card biometric registration).

- both miSenseplus and miSenseallclear involve the exchange of your personal data between the UK Immigration Service and the equivalent authorities in Hong Kong and Dubai. Fair enough - in that they will get those details anyway when you arrive.

- miSenseallclear involves the real-time exchange of passenger information between the airlines and the government authorities in question. If this sounds familiar, it could be because the European Court of Justice recently ruled against an arrangement under which something very similar happened between EU airlines and the US. Presumably the UK government is confident that a similar transfer of passenger details to Hong Kong and the UAE would not give rise to similar concerns under the Data Protection Act and European privacy regulations.

- with miSenseplus you also have to have a membership card. I'm not quite sure why, given that there's no indication that this all means you will be entitled to travel without your passport... and in all probability you will have your biometrics with you too. Unlike Iris, then, this may mean it is possible for someone to get the digests of your biometrics from a source other than the miSense database.


- these are pilot projects, and the FAQ says that any data held will be destroyed on completion of the pilot. However, it also says that "the data you provide may also be disclosed to other government departments and agencies, local authorities and law enforcement bodies to enable them to carry out their functions", and I would be very surprised if the completion of the miSense pilot will have any effect on data retention by such bodies once they have your PII.

On balance, I'm pleased to see that the project is testing a range of authentication and verification levels, depending on which part of the process they want to automate. I'm also pleased to see a range of biometrics being field-tested - though we've been told often enough that biometrics are already sufficiently robust to be used for a national ID Card.

I'm also pleased that this is an optional service; according to the FAQs, even if their criminal record checks on you turn up something nasty, it will only affect your right to remain in the pilot, not your right to travel. That shows a welcome sense of proportionality.

As ever, getting the buy-in of the passenger is, I think, vital. There are two ways of doing that; this project successfully does the first, which is to offer an incentive - you get through the airport processes more quickly. (Though, of course, what that means in practice is that you get to spend longer waiting for your luggage to come off the carousel).

It is less successful at stimulating buy-in through the second method, which is that you convince the passenger that she/he retains consent and control over the usage of her/his data, and that such data cannot be used in a way which compromises the passenger's rights. That may be true of this project.... but if it is, it needs to be openly stated, and passengers need to know how it is achieved.

So over-all, I have a couple of concerns.

First, although the miSense FAQs are actually not bad (I've certainly seen worse, where the 'A' was clearly meant to stand for 'Avoided'), they are far from definitive, particularly about what data is stored where, in what form and under what protection. Like any security bod, I have tattooed on my anatomy (ahem) the homily "Obscurity is not security". If the biometrics and associated PII are securely stored, then that security ought to reside in things other than "not telling you about it". The test of security is to open the bank, show a cracker the vault and say "there you go; here are the blueprints for this kind of vault... do yer worst".

Second, I don't think the passenger is best served by glossing over all that and offering only one portrayal of the service: "it's a system for getting you through the airport quickly and conveniently, and that's all you need to worry your pretty little head about". I caricature, but not outrageously; at what point in the life of the project could one realistically envisage the operators simply publishing, unasked, the details of what data they hold, and how, and who else uses it for what?

I thought not.

I mean, if the White Star Line had said "We have introduced huge icebergs on the Southampton to New York route, for your added convenience and as a means of drastically shortening your journey time", would you take that statement at face value?

 
 
 
 

Next year's cult accessory


I don't normally do endorsements, but hey, it's that time of year when we should bow to the true spirit of Christmas... (like Tom Lehrer, I refer of course to the commercial spirit...)

Are you still missing that last little something for the 'difficult' person on your Christmas list? On the brink of resorting to a book token?

Problem solved... head over to Tim Caynes' blog and check out the range of globalful gear. It has to be the cult Christmas present of 2006, and I predict some smug, knowing grins around the office in the New Year.

 
 
 
 

Is a NINO/SSN a good primary identifier?


Recently I've heard a number of people suggest that the best 'primary index' to any UK national identity scheme would be the National Insurance Number (NINO) - the equivalent to the US Social Security Number. In the UK, your NINO is issued automatically, as you approach your 16th birthday - the age at which you could legally exit the education system and start full-time employment. Thereafter, you need to provide your NINO to any employer, or when claiming benefits, and it is also one of several identifiers used by the tax system.

The use and abuse of SSNs in the United States is a core topic of identity management and identity theft discussions... if one were designing a university course on 'Identity', there would probably be a module dedicated to that - so I'm not going to dwell on it here.

I just wanted to give an example of how hard it is to ensure that this kind of data is processed appropriately throughout its lifespan.

I received a letter recently from an employment bureau, asking if I would provide a reference for a young person seeking a job. Included as part of the heading of the letter was that person's name, date of birth and... National Insurance Number. Now, the employment bureau had no reason to suppose that I'm a business (the letter was addressed to me personally with no company name, at a normal residential-sounding address), so why on earth they thought I would need this information I don't know.

Perhaps they were worried that I might not know which of my acquaintances had suggested me as a referee - which implies a bizarre inner monologue...

"Hmm - a letter asking for a reference on behalf of George Miller. I wonder which George Miller they can possibly mean? Ah - here we go, a National Insurance Number: thank heavens for that... now I know which one they're referring to".

So, I now happen to know someone's name, date of birth and NINO (as well as 'acquaintanceship' information such as gender, marital status, address and car registration number). If I had been that person's employer, chances are I might also have a bank account number for them too. By most reckoning, I have enough to perpetrate some form of identity theft and then fraud - and all courtesy of a third party to whom the subject had entrusted their data, and who, frankly, one might expect to have much better data custody practices.

I think one of the lessons here is this: in the States, anecdotally, the SSN may have started out as a more or less secure piece of data - but certainly now is used in ways for which it was never intended, and disclosed to a far greater degree than its issuers would like. As a result, it has become an insecure index to a huge amount of data about the individual concerned. In the UK, the NINO is not, currently, an index to as much information about its holder, but (as this example illustrates), one consequence is that even organisations who ought to know better may feel that there is no risk in disclosing it, whether or not there is any need to do so.

The risk for the future, then, is of a NINO which is 're-purposed' to serve as an index to far more data about the individual, but a whole set of background assumptions, habits and data custody practices which continue to treat it as a 'plain old National Insurance Number'. Experience should tell us that it is far easier to re-define the data than it is to change the culture of how it is used... and that represents a huge risk.

 
 
 
 

Lightweight Federation for "Web 2.0"


In case you missed it, Pat Patterson has just done a webcast on the topic of applying SAML 2.0 to the 'lightweight' federation requirements of that nebulous beast, "Web 2.0". For anyone who still thinks that federation, SAML, Liberty and the like are too heavyweight and 'enterprise-centric', this is a very practical illustration of its application to the LAMP environment.

Here's Pat's blog post on the topic, with links to the supporting materials, and here's a very positive article about the webcast, by Rich Seeley at SearchWebServices.com.

Pat has also made it onto Aldo Castañeda's "Story of Digital ID" series, which is great news - a worthy contributor, with a great deal to contribute; here's the podcast.

 
 
 
 
 

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
© racingsnake