Tool Usage

Info Sharing Agreements! Support it! Make it Real!

Kaliya Young · May 23, 2012 · 2 Comments

Joe Andrieu and the Information Sharing Working Group has put a lot of work and effort into creating a Standard set of Information Sharing Agreements represented by a standard label. They want to invest in user -research to make it really work.
I am putting in $100 and I encourage all of you to do the same. They need to raise $12000 in the next 8 days.
See the Kickstarter Campaign here.

Google+ and my "real" name: Yes, I'm Identity Woman

Kaliya Young · July 31, 2011 · 25 Comments

When Google+ launched, I went with my handle as my last name. This makes a ton of sense to me. If you asked most people what my last name is, they wouldn’t know. It isn’t “common” for me. Many people don’t even seem to know my first name. I can’t tell you how many times I have found myself talking with folks at conferences this past year and seeing ZERO lighbulbs going off when I say my name “Kaliya”, but when I say I have the handle or blog “Identity Woman” they are like “Oh wow! You’re Identity Woman… cool!” with a tone of recognition – because they know my work by that name.
One theory I have about why this works is because it is not obvious how you pronounce my name when you read it. And conversely, it isn’t obvious how you write my name when you hear it. So the handle that is a bit longer but everyone can say spell “Identity Woman” really serves me well professionally. It isn’t like some “easy to say and spell” google guy name like Chris Messina or Joseph Smarr or Eric Sachs or Andrew Nash. I don’t have the privilege of a name like that so I have this way around it.
So today…I get this

I have “violated” community standards when using a name I choose to express my identity – an identity that is known by almost all who meet me. I, until last October, had a business card for 5 years that just had Identity Woman across the top.

Display Name – To help fight spam and prevent fake profiles, use the name your friends, family, or co-workers usually call you. For example, if your full legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, either of these would be acceptable. Learn more about your name and Google Profiles.

When to share your real name? Blizzard and their Real ID plans.

Kaliya Young · July 8, 2010 · 1 Comment

I was recently CCed in a tweet referencing this article “Why Real ID is a Really Bad Idea“about World of Warcraft implementing their version of a “Real ID” in a way that violated the trust of its users.
The woman writing the article is very clear on the identity “creep” that happened and got to the point of requiring users to use the Real ID account within the system to post on forums and EVEYWHERE they interacted on company websites.
She articulates clearly why this creates an unhealthy climate and a chilled atmosphere for many users.
[Read more…] about When to share your real name? Blizzard and their Real ID plans.

Missing: Privileged Account Management for the Social Web.

Kaliya Young · July 27, 2009 · 3 Comments

This year at SXSW I moderated a panel about OpenID, OAuth and data portability in the Enterprise. We had a community lunch after the panel, and walking back to the convention center, I had an insight about a key missing piece of software – Privileged Account Management (PAM) for the Social Web – how are companies managing multiple employees logging in to their official Twitter, Facebook and YouTube accounts?

I thought I should also explain some key things to help understand conventional PAM then get to social web PAM in this post covering:

regular identity management in the enterprise,
regular Privileged Account Management in the enterprise
Privileged Account Management for the Social Web.

1) IdM (Identity Management) in the Enterprise

There are two words you need to know to get IdM and the enterprise: “provisioning” and “termination“.

a) An employee is hired by a company. In order to login to the company’s computer systems to do their work (assuming they are a knowledge worker), they need to be provisioned with an “identity” that they can use to log in to the company systems.

b) When an employee leaves (retires, quits, laid off, fired), the company must terminate this identity in the computer systems so that the employee no longer has access to these systems.

The next thing to understand is logs.

So, an employee uses the company identity to do their work and the company keeps logs of what they do on company systems. This kind of logging is particularly important for things like accounting systems – it is used to audit and check that things are being accurately recorded, and who did what in these systems is monitored, thus addressing fraud with strong accountability.

I will write more about other key words to understand about IdM in the enterprise (authentication, authorization, roles, directories) but I will save these for another post.

2) Ok, so what is Privileged Account Management in the Enterprise?

A privileged account is an “über”-account that has special privileges. It is the root account on a UNIX system, a Windows Administrator account, the owner of a database or router access. These kinds of accounts are required for the systems to function, are used for day-to-day maintenance of systems and can be vital in emergency access scenarios.

They are not “owned” by one person, but are instead co-managed by several administrators. Failure to control access to privileged accounts, knowing who is using the account and when, has led to some of the massive frauds that have occurred in financial systems. Because of this, the auditing of logs of these accounts are now part of compliance mandates in

Sarbanes-Oxley
the Payment Card Industry Data Security Standard (PCI DSS),
the Federal Energy Regulatory Commission (FERC),
HIPAA.

Privileged Account Management (PAM) tools help enterprises keep track of who is logged into a privileged account at any given time and produce access logs. One way this software works is: an administrator logs in to the PAM software, and it then logs in to the privileged account they want access to. The privileged account management product grants privileged user access to privileged accounts [1].

Links to articles on PAM, [1] Burton Group Identity and Privacy Blog, KuppingerCole, Information Security Magazine.

3) Privileged Account Management on the Social Web.

Increasingly companies have privileged accounts on the social web. Dell computers has several for different purposes. Virgin America, (they link to the account from their website – thus “validating” that this is their real account), JetBlue, Southwest Airlines, Zappos CEO, (employees who twitter), Comcast Cares (Frank Eliason) (interestingly comcast on twitter is blank).

Twitter is just the tip of the iceberg – there are also “fan pages” on Facebook for brands. Coca-Cola, Zappos, NYTimes, Redbull, Southwest, YouTube Channels, Dunkin’ Donuts, etc, etc. on thousands of other platforms and yet-to-be-invented services.

These are very powerful accounts – they are managed and maintained by many employees around the clock and are the public voices of companies.

I have yet to see or hear of any software tools to enable enterprises to manage Social Web privileged accounts. How are companies managing access by multiple employees to these accounts?

Is there software that does this yet?

Is anyone working on these kinds of tools?

Leave your comments here or tweet with me @identitywoman

Parents and Technology

Kaliya Young · January 18, 2009 · Leave a Comment

I just found this article on Yahoo! News.
It is quite disturbing
There are two companies offering a service to parents WQN and Aegis Mobility – there is software and then a monthly fee. Then services track the kids and turn of their phones in certain locations.

WQN’s surveillance service promises more than just disabling the phone in cars. It can monitor a person’s whereabouts, notifying parents by text messaging when their children step out of designated zones or return home. It also can turn off a cell phone at school, preventing cheating by text messaging during classroom tests, based on a reading of the school’s location.
The question parents would have to ask themselves is whether they’d want to prohibit their children’s activities this way. That kid you’re trying to control might not be driving, but rather sitting on a train or a city bus or in the passenger seat of a buddy’s car.

It seems a whole set of technology tools that are part of enabling over parenting. sigh.

Sir Tim on Tracking

Kaliya Young · March 18, 2008 · Leave a Comment

Sir Tim said he did not want his ISP to track which websites he visited.

Data Interop: an open letter from the largest nonprofit vendor

Kaliya Young · November 27, 2007 · Leave a Comment

Recently a report from a know tech publication was at a conference I was leading. She asked me
“what is interesting that is happening right now.”
I said “the nonprofit technology session.”
She said – “well I cover business issues.”
I shared with her that one of the largest vendor of nonprofit technology Kintera was a publicly traded company AND that there was big business opportunities for providing technology solutions in that sector. She looked at me surprised as if it had never occurred to her that you could make money in this sector. Recently the two other large vendors in the space merged – Get Active and Convio. They became just Convio and are now the largest vendor in the sector.
This month’s theme for NTEN’s Newsletter is Data Interoperability. This is the open Letter the published there.

Gene Austin, Chief Executive Officer, Convio and Tom Krackeler, VP, Product Management, Convio
It is incumbent on all software vendors serving the nonprofit sector to open opportunities for nonprofits to have greater choice and flexibility in pursuing their missions.
To meet the expectations of nonprofits today — and five years from now — software vendors need to facilitate interoperability between systems and enable integration between offline and online data and the new Web. And they should do so with one clear purpose in mind: to open the possibilities for nonprofits to find and engage constituents to support their missions.
The NTEN community has been leading the charge for openness. With Salesforce and Facebook, Convio has embraced openness as a way of doing business.
Software vendors should:
1. provide nonprofit organizations of all sizes and in any stage of Internet adoption the flexibility to integrate with other web or database applications to exchange constituent and campaign data.
2. make their Open APIs available to clients, partners, and a broad developer community.
3. expose Open APIs as part of their core product functionality.
4. proactively use APIs provided by other companies in additional to providing their own.
5. make their API documentation publicly available and provide a forum for sharing and discussing best practices and exchanging code examples.
6. publish a roadmap for their API development and encourage participation in the development of that roadmap.
7. make their APIs accessible to nonprofits at a level that does not require extensive technical expertise to leverage those APIs.

Phone troubles – Is Grand Central the Answer?

Kaliya Young · September 17, 2007 · Leave a Comment

So, I got a shiny new iPhone (for facilitating office 2.0’s Unconference) but I can’t get it to work yet.
I have MetroPCS – the ‘ghetto phone’ for those of you who don’t know it works like this – you buy the handset, you pay them your monthly fee on time or they turn your phone off. You have unlimited local and long distance calling. SIMPLE. No bill’s, no rolling min, just a phone that works. The catch – your phone only works in your metro area. This is why I have another number (from T-Mobile) that I pay by the min for when I travel to different cities.
So I went to sign up for the new iPhone via my computer. It won’t just let me get an account. I have to get ‘pre-approved’ credit from an AT&T store. To be honest I have not done a lot to get ‘credit’ so I am not surprised. I don’t have a credit card. I don’t have a loan for a car or anything.
My husband and I went to the AT&T store so that I could piggy back on his account/credit and get a phone activated. I decided I would try and port my number. They want to know not only my phone number but my ‘account number’ (remember I have the ghetto phone plan – no bills no nothing that I see an ‘account number’ on). They also want to know my address in their records AND my name. I have this feeling that when I got this phone 4 years ago that I had a different address and I was still going by my maiden name. These things are all not ‘persistent’ I am not sure what their records say and if I don’t know I must not be me right?
All I knew and all they put in their system was my phone number. I get this phone call from them asking me to call them back and give them more information so they can port my number for me.
I am thinking it is all to much trouble and I should get a Grand Central number and a new number from them and tell everyone my grand central number.
Anyone have any thoughts on their service to date or making this kind of choice. With Google acquiring them they are not going to go out of business any time soon.

Big Brother coming to NYC

Kaliya Young · August 4, 2007 · 1 Comment

NYC Real world Tracking one step closer:

New York City is seeking funding for a multi-million dollar surveillance system modeled on the one used in London. Police in the city already make use of the network of cameras in airports, banks, department stores and corporate offices — an arrangement used in cities across the country. This new project would augment that network with a city-wide grid. ‘The system has four components: license plate readers, surveillance cameras, a coordination center, and roadblocks that can swing into action when needed. The primary purpose of the system is deterrence, and then an investigative tool.’ But is it necessary? Steven Swain from the London Metropolitan Police states ‘I don’t know of a single incident where CCTV has actually been used to spot, apprehend or detain offenders in the act. Asked about their role in possibly stopping acts of terror, he said pointedly: “The presence of CCTV is irrelevant for those who want to sacrifice their lives to carry out a terrorist act.”

From the Article:

The implementation of the plan, called the Lower Manhattan Security Initiative, will require about $90 million, New York City Police Commissioner Ray Kelly said. It will cost about $8 million a year to maintain.
The city so far has raised about $25 million. Part of it has come from the Homeland Security Department and the rest from city coffers.
Donna Lieberman, the executive director of the New York Civil Liberties Union, said she was alarmed by the prospect of government and law enforcement officials having records of a person’s daily activities.
“It wasn’t that long ago that J. Edgar Hoover was up to his dirty tricks using government spying to interfere with lawful dissent, undermine critics and pursue an unlawful agenda,” she said.
However, police officials repeatedly note there is no expectation of privacy in a public area and it is not a constitutional right.

Plaxo is becomes OpenID relying party Tonight.

Kaliya Young · July 17, 2007 · Leave a Comment

I am down here at Mashup Camp that I am facilitating tomorrow and the next day. At the social hour around the pool I ran in to Joseph Smarr and got the scoop.

“We’re releasing full OpenID relying-party support, so you’ll be able to sign up for a Plaxo account using an OpenID and/or attach OpenIDs to your existing Plaxo account. I’m also publishing a step-by-step implementation guide for OpenID-enabling existing sites based on the work I did for Plaxo.”

He has put up a whole set of shots on Flickr outlining the steps.
This is another great step for OpenID!!!!
They are also publishing an implementation guide for relying parties.

User Agent's Spotted at Supernova

Kaliya Young · June 25, 2007 · Leave a Comment

I had a good time overall at supernova. I found two user-agent’s.
Well what is a user-agent? they are programs that work on the users behalf. I found this definition on Dr. K’s Blog:

it would seem that “user-centric” identity is about creating an “agent-in-the-middle” architecture for identity systems. An agent (usually automated) for the user sits in the middle of the identity flow, analyzing the flow request and determining how to handle the response. The determination would be based on policies defined by the user. It may require the agent to bring the user in for an explicit approval, or it may automatically approve or reject the flow based on previous user preferences (similar to the user checking the box that says “do not ask me again”). It may also apply a configured rule or policy to the identity flow that determines the action to take – ask user, approve, reject.

So who were these agents? One was WiMoto – when I fist talking to Scott Redmond he was explaining his tool…and I just didn’t like it..about advertising on my phone etc…THEN all of a sudden I ‘got it’ – I said “oh this is cool you have a user-agent.” I explained what it was from our ‘user-centric identity’ perspective. He was like sure I guess what is that we have. I met him early in the evening of a cocktail party where he would be demoing throughout. At the end he said he was eternally indebted to me for giving him that word “user-agent”. Apparently it let him communicate effectively to the other folks all night. It is now on the front page of their website. I still don’t get exactly how it works though.
The second user-agent I found was MyStrands – it is a mobile social networking app for night clubs. So you can text to the screen when you are in shared space together (like at the night club). It also lets you opt in to get information about the bands and clubs. So it is a promotion network. They look like their are going some where!

Sheep Phone

Kaliya Young · April 12, 2007 · Leave a Comment

OpenID Going Mainstream

Kaliya Young · March 16, 2007 · Leave a Comment

OpenID made the front page of the Money Section of USA Today – Today.
From the community they quote, David Recordon, Scott Keveton, Brad Fitzpatrick, and Kim Cameron.

SAN FRANCISCO — An emerging technology standard could be the answer to a major headache: It lets consumers use the same user name and password for hundreds of websites that require a sign-in.

What an exciting day!

Cool new wiki feature

Kaliya Young · December 12, 2006 · Leave a Comment

I went through TechCrunch today as I do on a weekly basis to check out what is new in web2 land. Lots of kids building interesting things but I kind of think mmmm…to a lot of them. Also lots of acquisition rumors. By the end of it I wondered why me? Why this industry almost completely devoid of meaning in a particular way.
The one cool ting that I did find was a new feature called “UnPlug” for SocialText Wiki’s so you can get a section of a wiki you want to edit on your computer and work on it ofline (say on a plane ride) and then when you plug back in it is uploaded. VERY COOL.

O'Reilly on Who 2.0

Kaliya Young · December 3, 2006 · Leave a Comment

Tim O’Reilly From eitb24:

Certain kinds of databases are going to become really big and really useful. we are just in the early stages where for example digital identity doesn’t really work yet but that world start to coalesce, where all these different sources of identity will start to be resolved and connect to each other. And we’ll have a rich identity system you could call Who 2.0.
Just like you are starting to see Where 2.0 in the way that mapping is starting together…so you think about the various dimensions of the data that we interact with who, where what, when, why and how are a little bit harder but the more pragmatic dimensions will be come part of this new data oriented operating system that we are building.

An argument for i-names & XRI

Kaliya Young · December 2, 2006 · Leave a Comment

I found this while using Snap too. I have to say it is way more entertaining then Google. As you toggle down the suggested site. I will be back to try it out more regularly.
From Fishbowl on Oct 25th 2005….

“I’ve noticed that whenever I have a photo on Flickr that I want to embed in my blog, I make a local copy and link to that. Flickr may well out-last the Fishbowl, but at least the continuing availability of my webserver is something that I have a say in.” — Me, a few minutes ago.
I registered the pastiche.org domain back in 1997. Since then I’ve been through a half dozen or more ISPs and hosting services, but I’ve done so secure in the knowledge that so long as I keep paying my domain renewal fees, my email address, website and whatever other Internet perks I feel like having will follow me wherever I go.
(There are disadvantages, of course. Even for a non-entity such as myself, eight years of being careless with the one email address leads to a lot of spam.)
I had this conversation with a friend, and they told me not to worry: Gmail is likely to survive longer than I’m going to need an email address anyway. But that’s not the point. In five years, Gmail is going to be what Hotmail is today, and there will be another service that’s cooler and more capable that people will rather be keeping their email in.
“Letting somebody else own your name means that they own your destiny on the Internet…. As soon as you realize you’re serious about blogging, move it away from a domain name that’s controlled by somebody else. The longer you delay, the more pain you’ll feel when you finally make the move.” — Jakob Nielsen’s Weblog Usability mistakes, #10.
Recently, Australian politician Malcolm Turnbull proposed that the government give each citizen a lifetime email address. There were obvious flaws: the proposed address scheme — first name, surname, date of birth — consists of two pieces of data that can change, and one that people often want to conceal. Regardless, the underlying concept of a permanent ‘digital identity’ is an important one. After all, cool URIs don’t change.
If there’s a Web 3.0, it’s not going to be about giving you cool sites to put your stuff on “out there”, but about giving you the tools to build that cool stuff on top of your own persistent, personal space on the net… in a way that when the services change, the technology advances and the trends turn, the stuff stays where it is.

The Open Phone a platform for User-centric ID apps?

Kaliya Young · November 16, 2006 · 1 Comment

Reading SlashDot I found this article about the Open Phone coming out with a Linux operating system. The left lots of room for folks to write apps to run on top of it. It sounds like a great platform for some identity applications and UI experimentation. Maybe we can have a session at IIW regarding its potential.
On another note I went to ‘digg’ it and it asked me to login….I don’t want another name and password thankyou!

Paul how does SAML help exactly?

Kaliya Young · October 8, 2006 · Leave a Comment

I thought you could clarify how you think SAML will help with this.

While multiple screen names can be tracked at home, the company is working on a tool to associate different screen names across school and home to notify parents.

Isn’t the whole point of the Laws of Identity that people should not have there identifiers aggregated across contexts without their knowledge.