Yahoo! Publishes results of OpenID usability study

Thursday, 16 October 2008 09:35:00 CEST

Very good and much needed work by Yahoo!

From a usability perpsective, it shows what many already know.. OpenID does have a long way to go before being ready for really mainstream adoption. Users are used to usernames and passwords, and unlearning that will take time and effort.

It looks like Yahoo! is realizing the potential of OpenID enabling there userbase. If you can capitalize on a significant userbase on your own site, why not send that same userbase to a different site, and capitalize on them there could be one line of thinking. It's good for Yahoo! because it generates (ad spnosered) cashflow and it's good for the users because they get the choice of using their Yahoo! account as identifier.

Presentation From Open Source Days 2008 In Copenhagen Is Now Online

Saturday, 04 October 2008 22:00:00 CEST

(Local copy)

Announcing Danish OpenID Chapter

Saturday, 20 September 2008 06:15:00 CEST

A Danish chapter of the OpenID Europe foundation is being formed to evangelize OpenID in Denmark and promote adoption. The first meeting will be held on October 2nd in Copenhagen, and everyone with a interest are invited to attend.

The Danish chapter and the result of the first chapter meeting will be formally announced at Open Source Days 2008 on Saturday, October 4th.

Further information and the full introduction can be found here:

Speaking At Open Source Days 2008 In Copenhagen

Wednesday, 27 August 2008 16:09:00 CEST

On October 4th, I'm presenting at the upcoming Open Source Days 2008 conference in Copenhagen.

The presentation titled "Identity 2.0 - OpenID & User Centric Identity" explains the evolution of digital identity on the Internet, why current systems (or lack thereof) simply don't cut it anymore, and why OpenID may be a good alternative for the next step in the evolution of Internet identity.

Part of my message is that OpenID is the best contender for the next evolutionary step in digital identity offering the best compromise between usability, security, features, and easy of implementation.

The OpenID protocol may not provide perfect security, but I believe that misses the point. Much of the debate has focussed on perfect security with very little debate around the level that is actually needed now and until the next evolutionary step comes around. Two examples. IdP knowledge and RP collusion.

In many new identity protocols such as Microsoft Live (formerly known as Passport), Google Account, Facebook Connect, AOL, Typekey, and indeed OpenID, your identity provider (IdP) will know of every time you use your digital identity. This is an insecurity from a privacy perspective.

Not only will your IdP know your digital footprint - who cares? Google knows everything anyway - but two or more relying parties (RP) may "compare notes" (collude) to learn your digital footprint. This, also, is an insecurity from a privacy perspective. But, who cares? Except maybe Google who will no longer hold the monopoly on knowing everything.

Although the above examples are insecurities they are generally accepted facts that few (at least in 2008) would consider "fixing" in a new protocol. They are compromises from perfect security. They are the comprises needed to evolve digital identity.

Open Source Days is the largest conference in Scandinavia focussing on technical and commercial aspects of open source software.

Social Media Reduce The Cost Of Police Investigations

Sunday, 25 November 2007 06:00:00 CET

Headlines are always difficult, and the headline for this post was no exception. It should probably have read Digital social graphs reduce the protection of privacy, by lowering the inherent barrier cost of access, but then no one would even get through the headline.

However, the point remains, that by doing the hard work of mapping and documenting our social relationships on social media such as Facebook, we reduce the cost of investigative work from thousands of dollars to the mere cost of a court order. Our network and relations is a key ingredient in e.g. many police investigations, and requires the police to spend countless hours talking to friends, neighbors, etc. to learn. With social media, we've done all the hard work up front, and this significantly changes the inherent protection of the privacy of the individual.

Until now, the cost of obtaining information, private or otherwise, about individuals has been an important defense mechanism in protecting privacy. Much can be learned about any given individual if you hire a private investigator to do the digging, but the cost of doing so ensures that it rarely happens. Social medias generally don't make private information publicly available unless you choose to publicize it, but here the power of a court order slightly redefines your choice. You're no longer making the information to difficult to obtain, you're only making it difficult to obtain for anyone without a court order.

By all means, the police should certainly utilize all means within the boundaries of the law, to perform the best and most effective investigation, and if valuable information is available at the "click of a court order" this information should be obtained. I'm advocating a limitation of the access granted by a court order, however, we should carefully consider how usage is governed.

Consider the following scenario. You create a profile on Facebook, and add an application by a developer in China, granting the developer access to your information. Chinese law dictate that the government has unrestricted access to all data available to a Chinese company (I have no idea if this is the case), including your profile data you gave the developer access to. In your profile you've stated your political view as liberal, and a Chinese foreign exchange student you know from college, as a friend. Some time later, Chinese intelligence services trawl Facebook data available to them through application developers for Chinese people who are friends with people with stated liberal views for the purpose of extended monitoring.

This scenario is certainly technically feasible, and if not this then many other similar scenarios would be of great interest to many parties.

Our societies implement many inherent checks and balances through barrier costs, and Identity fraud is a good example. Identity fraud is not new, but "in the old days" it required expert skills in forging documents, operating money printing presses, etc. If you haven't seen Catch Me If You Can it's a great introduction into how difficult identity fraud was "in the old days". The Internet is reshaping the barrier cost or the cost of entry into identity fraud, and supply and demand dictates that a lower price means a greater uptake.

This translates directly to access to and use of private information. When the cost of both dramatically decrease so will interest in expand use similarly increase. Most countries screen airline passengers for known terrorists. Why shouldn't they be allowed to compare friends' lists of passengers with the list of known terrorists? On the basis that if you are a friend of a known terrorist, we really don't want you inside our country.

I'm not aware of any cases, where a person's digital social graph have been used in court or otherwise, but the use case seems obvious.


Monday, 19 November 2007 06:00:00 CET

Identity is the future building block of IT systems. Most of the new technologies and paradigms, that Gartner & Co. tell us will completely change the way we work, is solely based on the work of digital identities.

It is not IT systems that create successes of social collaboration media such as Facebook, Wikipedia, or even Google Search, rather it is the identities working hard to create and maintain the content that people use them for. It becomes a self-perpetuating effect. Even the key ingredient in the succes of Google Search with it's vast index of content is not the content itself, but the links within the content that people choose to create.

There are probably many things that Google and Microsoft don't want to collaborate on, but individuals from both would probably like to collaborate on a captivating descriptions of instant messaging on Wikipedia. Existing corporate boundaries do not allow this, but new platforms are helping to create these cross-cutting groups. The notion of IT systems is wholly inadequate to describe the complexes that is Google, Facebook, or MySpace. Allowing people to collaborate across established cultural and social boundaries bring them together in solving problems, common to the newly established groups' focal point.

Not only are common social groups recombined, but they are also enabled to build upon the work of each other, greatly improving productivity and the speed of innovation, e.g. completely rewriting the rules of developing new systems and capitalizing on data. Facebook and MySpace are great examples of how billion dollar businesses can be created on the basis of a [many] digital identitiy used to recombine data of and about the people behind, e.g. linking pictures on Flickr to the identities of the people in them.

The one common element of the plethora of new services (, MakeMeSustainable, and technologies (Skype, CardSpace, Instant Messenger/Presence, ) that are being developed, is their focus on identity and how to enable collaboration in new and better ways, and often about new things.

Why GMail support for IMAP isn't that great

Monday, 05 November 2007 06:00:00 CET

The day the "GMail does IMAP" story broke everyone, myself included, spent a significant part of their day tweaking the GMail interface, in desparate attempts to emerge this craved new feature. The number one [missing] feature preventing many users from switching to GMail.

Since then everyone has praised the new feature, but it seems that everyone has been missing the obvious. The support isn't that great.

IMAP for GMail transforms this:

Into this:

Not that great ...

IMAP may be great, but it only truly rocks when used with folders, and many users have lots of nested folders - which, incidentally, imho kills the label concept of GMail. That is, you can have one or the other but you can't have both without compromising both concepts.

It seems the GMail support for IMAP leaves three options to would be users:

  1. Live with label explosion and ugly looking labels
  2. Transform your highly developed folder-archiving-approach to a new and untested label structure
  3. Stick to your existing folder-archiving-approach, and pass on the GMail IMAP offer for now

Indeed, those users that have been craving IMAP support the most, are probably also those most willing to change their archiving approach - it's a new system and technology to learn and adopt which is always fun.

However, for all the less technology craving and fascinated users for whom e-mail is just a tool, not being able to migrate their existing inboxes by dragging and dropping (another primary justification for IMAP) is going to be a real issue.

Myself, I chose the second option, and spent many hours devising a new label system :-)

The Only Reason Needed To Choose Lightroom

Monday, 10 September 2007 06:00:00 CEST

Disclaimer: This post will probably stir a flame war, so please realize that this post certainly is not a siding in the “Aperture vs Lightroom debate”.

If you “believe” in DNG (as only time will tell if the belief had merit) then I would contend using a photo organizer that stores metadata outside image source files constitutes a significant comprise of that belief. A stock photographer can easily spend a significant amount of time captioning and tagging images, and that investment will experience the same platform and vendor lock in, as choosing a proprietary raw format, if that metadata cannot easily be exported. The same argument could also be made for image adjustments performed in such an application.

When deciding on something as important as your image organizer of choice, you first read up on the topic through a multitude of online resources, then download and test 3-5 select candidates, and finally make an informed choice of application, that best suits your needs, right?

At least I started with that approach when I needed to upgrade my manual Finder-and-Photoshop workflow to something reflecting the current century.

Then I discovered that only Lightroom provides something resembling acceptable support for writing metadata to source files, and that pretty much decided for me. Not that I didn’t boil it down to a few select candidates, which I invested significant time in testing. I’m also very fund of my Mac, so I even selected Aperture on the totally subjective criteria that “Made by Apple is better”.

In the end, however, I realized that my need to store image metadata in the actual source files, vetoed pretty much all other requirements.

I don’t believe that strongly in the lock-in issue to discount a solution merely on that basis if it was a perfect match for my needs. However, I do need a practical solution to:

  • Working on both Mac and Windows
  • using several different image editing applications
  • work with image files in- and outside the image organizer
  • not having to worry about, or take many special steps to keep images and metadata together.

and only an application that synchronizes metadata back to the source files can effectively support this. Iview was an acceptable solution, but it’s becoming outdated, and doesn’t correctly synchronize all IPTC fields. That leaves just Lightroom, which I think is much too slow compared to e.g. Bridge or Photo Mechanic.

My wish list for an image organizer is an application that:

  • has the speed of Photo Mechanic
  • has the interface of Aperture
  • has the DNG and XMP support of Lightroom

And obviously can synchronize metadata back to source files.

Help Answer This Survey On Internet Scale Identity Systems

Tuesday, 21 August 2007 06:00:00 CEST

I’m a big fan of surveys. Admitted, much can be said about the accuracy and truthfulness of individual answers, but I believe that a well written survey can serve to show a trend on a subject matter.

Identity Woman is promoting a survey on the future of Internet scale identity systems, and I’d recommend everyone with an opinion on the matter to spend a few minutes completing the survey.

Yet Another High-Profile OpenID Provider

Wednesday, 27 June 2007 06:00:00 CEST

Yet another entrant into the OpenID identity provider space.

Ping Identity, a well known pure play vendor of identity management solutions has launched an OpenID identity provider service on and in the best of web 2.0 traditions, the service is in beta, joining the crowd of similar initiatives.

The firstmovers had the benefit being just that, but by now it seems that simply launching a new Personal Identity Provider (PIP) service has become old news, and each new service provider doesn’t really bring anything new to the table. Looking at the new service from Ping Identity, it’s functionality is remarkably similar to that of any of the others, which begs the question of what their raison d’être is.

By now, a PIP needs to add some other level of value, to be the preferred choice by the Internet user, just like ClaimID is doing.

However, all that being said, does have a very nice user interface, and it is interesting simply because it’s a child of one of the very innovative players in the identity space. To my knowledge, this also makes Ping Identity one of the first enterprise solution providers, to take (active) notice of the user centric identity space.

Strangely, doesn’t accept citiy names that are spelled with non English characters (I haven’t tested this on other fields).

Page 3 of 5