This issue of XML Daily Newslink is sponsored by:
Oracle Corporation http://www.oracle.com
- A More Perfect Union of ID Management Schemes
- Information Card Foundation (ICF) Announces Seven Featured Card Projects
- Microsoft Releases Its CCI Tools Under An Open-Source License
- Samsung Offers Self-Encrypting SSDs
- Update: Oracle Agrees to Buy Sun
- Argonne Uses RFID to Monitor Nuclear Shipments
- Standards Matter: The Battle for Interoperability Goes On
A More Perfect Union of ID Management Schemes
William Jackson, Government Computer News
The formation of a new umbrella organization to promote interoperability between existing identity management schemes was announced April 20, 2009 by a number of groups working in that industry space. The new organization will be called the Kantara Initiative, from the Swahili word for 'bridge,' which also has roots in the Arabic word for 'harmony'. Kantara is intended to counter a perception of competition between different ID management technologies which has hindered the growth of the field, said Brett McDowell, executive director of the Liberty Alliance. 'This perception we believe has slowed deployment and boxed initiatives into niches,' leading customers to believe that they have to bet on one of three technologies when designing an ID management architecture, McDowell said. 'We can't have stovepipes of technology. Every advocate of this technology sees the value of sending a common message to the marketplace.' The announcement was made during an identity management workshop being held in conjunction with this week's RSA Security Conference...
Identity management is process of users authenticating themselves in order to access online resources, and for providers of those resources to control access by verifying the identity of users according to their policies. This is complicated in the digital world where users are not physically present to prove an identity, and by the fact that most users have multiple identities used for different purposes. A number of workable technologies for asserting and verifying identity exist, and the development community now is working to bring them together into a single architecture. The U.S. government has been a major driver in this effort... Among the Kantara Initiative organizers, in addition to the Liberty Alliance, are the Concordia Project, the DataPortability Project, the Information Card Foundation, the OpenID Foundation, and OSIS, the Open Source Identity Systems organization. All of these organizations, and a large number of other newly formed groups, have been promoting interoperability in general or their own schemes, stretching thin the financial and technological support for the efforts. McDowell said the identity management space now is broken into three broad categories: (1) Federated Identity, a trust system that allows authentication of identities across organizational boundaries, using technologies such as the Security Assertion Markup Language and Public Key Infrastructure (PKI). (2) Information Cards, a technique of managing multiple electronic identities for a variety of purposes, used by Microsoft Windows CardSpace, DigitalMe and Higgins Identity Selector. (3) OpenID, an open standard authentication protocol supporting multiple identities and services, usually in which the actual identity of the user is not important...
See also: the Kantara Initiative web site
Information Card Foundation (ICF) Announces Seven Featured Card Projects
Staff, Information Card Foundation Announcement
The Information Card Foundation (ICF) has announced the first seven Information Card projects to be featured on the new ICF website. The new site was unveiled at a presentation at the RSA Security conference at the Moscone Center in San Francisco today. The announcement is part of the "Harnessing the Power of Digital Identity Workshop" the ICF is co-sponsoring with the Liberty Alliance on Monday, April 20, 2009. The seven projects are actual examples of how the Information Card ecosystem simplifies and standardizes identity-based transactions regardless of the site, domain, application, or information involved. "Just as people needed to first see a Web browser to understand what it could do, now they need to see an Information Card selector to understand its potential," said Drummond Reed, Interim Executive Director of the ICF. "Information cards have moved beyond theory to solve real-world challenges." Information Cards bring a familiar offline paradigm-the cards you carry in your wallet-to the online world. They work with a new software tool called a selector that operates as an extension to your Web browser. Selectors are available today from ICF members Azigo, Microsoft, and Novell, as well as from several open source projects...
The seven ICF projects to be featured include: (1) AAA Discount Reminders helps you never forget another discount as an AAA member. (2) ChoixVert Information Card empowers Internet users to learn about the social responsibility of companies and products on the Internet. (3) The Equifax Over 18 I-Card is the first Information Card that enables a user to prove, and a business to accept, age verification online. (4) The Minuteman Library Network Information Card is the first Information Card to be used as the online equivalent of a physical library card. (5) Student Advantage RemindMe I-Card helps families take advantage of the United State's largest student discount program by providing automatic online reminders of Student Advantage deals many popular goods and services. (6) The U.S. General Services Administration (GSA) I-Card shows how Information Cards can be used to authenticate users to a government demonstration website while preserving privacy, improving security, and virtually eliminating password phishing. (7) WebCard Loyalty from fun communications adapts conventional card-based customer loyalty programs to the Internet using Information Cards. Also at the RSA Security conference, the Information Card Foundation (ICF) announced publication of a new white paper on Information Cards by noted industry analyst Craig Burton. "The Information Card Ecosystem: The Fundamental Leap from Cookies and Passwords to Cards and Selectors" explains why the Information Card metaphor is being recognized across the industry as the future of digital identity both in the enterprise and on the Internet. The white paper also explains the newest development in Information Card technology, so-called "action cards" that safely augment a user's browser experience at websites before the site explicitly supports Information Cards.
Microsoft Releases Its CCI Tools Under An Open-Source License
Mary Jo Foley, ZDNet Blog
Microsoft has released the source code for its Common Compiler Infrastructure (CCI) under one of its OSI-approved open-source licenses. As of this week, Microsoft is making the CCI bits available for download under the MS Public License (Ms-PL). Microsoft officials describe CCI as 'a set of components (libraries) that provide some of the functionality that compilers and related programming tools tend to have in common.' The components provide the ability to read, write and manipulate Microsoft Common Language Runtime (CLR) assemblies and debut files. Microsoft has used CCI internally to develop various programming languages and other tools, including FxCop and Spec#. Earlier this month, Microsoft released its ASP.Net Model View Controller (MVC) code under the Ms-PL open-source license, as well... Speaking of new open-sourced tools on CodePlex, there's a new Facebook API client (in alpha form) that sounds interesting. The new tool, developed by Daniel Schaffer, a social engineer for LiveCash (and self-avowed .Net lover), is meant to 'greatly facilitate the development of 3rd party Facebook applications for developers and development shops already familiar with the Microsoft .NET technology stack.' It's available under the Ms-PL license...
See also: Common Compiler Infrastructure (CCI)
Samsung Offers Self-Encrypting SSDs
Antone Gonsalves, InformationWeek
Samsung Electronics on has introduced what the company claims are the first hardware-based self-encrypting solid-state drives [to incorporate hardware-based encryption, which has made headlines in recent weeks with publication of the industry's Opal storage specification published by the Trusted Computing Group (TCG)]. The 256-, 128-, and 64-GB SSDs provide full-disk encryption using Wave Systems' technology, which activates and manages the encryption. Computer maker Dell said it plans to offer the drives in laptops in the coming months. Samsung claims the added security does not affect the performance of the SSDs, which will be available in 1.8- and 2.5-inch form factors. The company also claims to be the first to offer SSDs that incorporate hardware-based encryption. Such encryption provides better security than the software alternative, because encryption keys and access credentials are generated and stored within the drive hardware, making it more difficult to hack, according to Samsung. Wave's Embassy Trusted Drive Manager, which will come bundled with each Samsung SSD, will manage pre-boot authentication to the drive and enable administrators to set up users. The technology also enables backup of drive credentials. In general, SSDs, which have no moving parts and use flash memory for storage, are more reliable and faster than hard disk drives. SSDs are also lighter, which is a plus for laptops... Besides laptops, SSDs also are making their way in the data center as complements to hard disk arrays. Companies providing server-based SSDs include Fusion-io, Texas Memory Systems, and Super Talent. [The announcement from Wave Systems provides additional details.]
See also: the Wave Embassy Trusted Drive Manager
Update: Oracle Agrees to Buy Sun
Elizabeth Montalbano, InfoWorld
"Oracle has signed a deal to purchase Sun Microsystems for $7.4 billion, plunging the enterprise software vendor into the hardware market and making Sun the latest company to be subsumed by the Silicon Valley giant. Oracle will pay $9.50 per share in cash for Sun, or $5.6 billion net of Sun's cash and debt, according to Oracle. The move follows Oracle's purchases of a raft of companies in the last few years, including Siebel, PeopleSoft, and BEA Systems... The deal comes after Sun reportedly walked away from an offer from IBM a few weeks ago. Though there were rumors Oracle might purchase Sun, it has never before had a hardware or server OS business, a market in which a significant amount of Sun's assets are tied, so the deal seemed unlikely. However, Sun's Solaris long has been a successful platform for Oracle's database business. The two companies also have areas of common interest in their support for Java software, one of the only areas where the companies' product lines overlap. Sun has an open-source Java application server called Glassfish that Oracle likely will hold onto, although the fate of Sun's other commercial Java software, the Java Enterprise System (JES), is unknown. Oracle also had overlap in this area when it purchased BEA, but BEA WebLogic had significant installed base, and Oracle kept the product alive. Sun's installed base for JES is smaller, so Oracle may choose not to hold onto it..."
From the text of the Oracle announcement: "There are substantial long-term strategic customer advantages to Oracle owning two key Sun software assets: Java and Solaris. Java is one of the computer industry's best-known brands and most widely deployed technologies, and it is the most important software Oracle has ever acquired. Oracle Fusion Middleware, Oracle's fastest growing business, is built on top of Sun's Java language and software. Oracle can now ensure continued innovation and investment in Java technology for the benefit of customers and the Java community. The Sun Solaris operating system is the leading platform for the Oracle database, Oracle's largest business, and has been for a long time. With the acquisition of Sun, Oracle can optimize the Oracle database for some of the unique, high-end features of Solaris. Oracle is as committed as ever to Linux and other open platforms and will continue to support and enhance our strong industry partnerships... The Board of Directors of Sun Microsystems has unanimously approved the transaction. It is anticipated to close this summer, subject to Sun stockholder approval, certain regulatory approvals and customary closing conditions..."
See also: the Oracle press release
Argonne Uses RFID to Monitor Nuclear Shipments
Patrick Marshall, Government Computer News
Not content with simply tracking the location and contents of drums that contain nuclear materials, researchers at the Energy Department's Argonne National Laboratory have developed a radio frequency identification tag that can also monitor and report environmental conditions. According to the announcement: "RFID technology is ideally suited for management of nuclear materials during both storage and transportation," said Yung Liu, Argonne's senior nuclear engineer and RFID project manager. "Key information about the nuclear materials is acquired in real time." Liu's team used circuits from Savi Technologies as the basis for the customized RFID tags and added sensors and software to collect and manage the data. Liu said there were two major obstacles to overcome in developing the system. "First, we needed to find out how radiation resistant the electronics parts of the tags were," Liu said. "The second issue was battery life." The team tested radiation resistance by exposing the tags to gamma radiation. The tags were radiated for three months and started to show signs of degradation only at the end of that time... The problem of battery life was resolved by integrating four lithium batteries with each tag. That raises the cost of each sensor to about $200, but it ensures operation for more than 10 years. The Argonne team also integrated an array of environmental sensors to monitor temperature, acceleration and humidity.
See also: RFID Resources and Readings
Standards Matter: The Battle for Interoperability Goes On
Mike Fratto, InformationWeek
Used to be, vendors didn't brazenly fracture standards. Sure, they sought lock-in opportunities, but most knew that if they played too fast and loose, the market would mete out punishment, as in the '90s when TCP/IP rule breakers lost sales... We all say we want our gear to work together, but are you willing to hold vendors accountable for breaking faith? [...] Example: First proposed in 2004, 802.11n was hung up as Wi-Fi Alliance members hashed through competing technical interests. The widely used 802.1X is being revised because critical features were missed the first time. In the realm of cloud computing, you can't get two people to agree to a definition, much less what should be standardized, as evidenced by the recent finger-pointing around the IBM-led Open Cloud Manifesto initiative. And this lack of interest in creating functional, universal standards seems to be accelerating. Cisco's EnergyWise, which proposes building-wide energy management, should have gone to the International Telecommunication Union three years ago. And how confident are you that Fibre Channel over Ethernet will be more interoperable than Fibre Channel? There's plenty of blame to go around, starting with the big vendors that try to game the process. "The larger vendors know the 'flaws' in the current system," says David O'Berry: "They know it takes awhile for things to progress—especially when you want it to take awhile—and so they use that gap to create de facto lock-in at critical junctures." For their part, vendors counter that standards bodies have devolved to the point that they're almost immobilized by politics and squabbling. Consensus can take years, and the market won't wait that long. "Standards bodies tend to be more focused on the process than achieving the desired result in the shortest time possible," says Mike Healey, CTO of GreenPages Technology Solutions...
Case in point, says Healey, is the 802.11n wireless standard. The a, b, and g iterations had hit a performance wall that was hindering business, but the new spec languished for a year in a draft format that didn't significantly change from its final release. "Vendors that were willing to 'cheat' and release products based on the draft established a competitive advantage," he says. "Those that followed the rules were left behind. The IEEE delays were less about technical specifications or design issues but revolved around meeting schedules and documentation timelines." [...] Standards bodies aren't a panacea. Some specs designed from the ground up in these groups are still incomplete. 802.1X, which was ratified in 2001, defines host authentication to authorize use of a port. Unfortunately, the spec defined port use as all or nothing, either open or closed, which means those hosts unable to authenticate, such as guests or devices that don't support 802.1X, couldn't connect at all, at least according to the standard. To support guest access, Hewlett-Packard and other vendors added proprietary capabilities to their switches. Cisco went a step further, allowing its Cisco Discovery Protocol to pass through the port to discover a host, such as a voice-over-IP phone, before the port is authenticated. Both functions are necessary, and even though they don't comply with 802.1X, they don't break interoperability, either. The IEEE is now working on a revision to 802.1X that enhances the protocol based on needs discovered in field deployments. That example just gives credence to vendors' favorite argument: Technology must be developed and deployed with live customers before functionality can be standardized... Yeah, it's a mess. The take-away: If you're guilty of relegating standards support to a "nice to have" feature rather than a requirement, you're part of the problem. If you want products to interoperate, be prepared to walk away if a vendor can't prove compliance. Don't be brushed off with promises of standards support "on the road map." The alternative is vendor lock-in and higher costs, including the cost of maintaining systems that don't work together. Standards bodies are imperfect and must do better. The alternative: splintered networks and broken promises..."
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: email@example.com
Newsletter unsubscribe: firstname.lastname@example.org
Newsletter help: email@example.com
Cover Pages: http://xml.coverpages.org/