Exploring the science and magic of Identity and Access Management
Friday, November 8, 2024

Old Time High Tech

Identity
Author: Mark Dixon
Sunday, September 16, 2012
8:17 pm

A friend of mine posted the following photos on Facebook today – showing how an “Oil Pull” tractor would have powered a threshing machine about 80 years ago.  Although our technology is much “higher” now than then, we must never forget that we stand on the broad shoulders of those who innovated before us.

Richfield High School, Class of 1971 – Do I Know You?

Identity
Author: Mark Dixon
Saturday, September 8, 2012
10:28 pm

Recently, I have received several invitations to join the “schoolFeed by Classmates” app on Facebook – from people I knew and went to school with in Richfield, Idaho, many years ago.  I am very, very selective these days about which apps I authorize, but I finally signed up.  When I joined the app, I hoped to connect with a few new people whom I haven’t seen for ages.  However, I was presented with a long list of folks who all graduated from Richfield High School – just not the tiny one I attended with only 13 people in my graduating class!

The trouble with this app is that it apparently fails to recognize that “Richfield High School” can apply to any number of high schools in the country, not just the tiny one I went to. I suppose those on the list are all nice people, but just not the ones I remembered.  But I did get a nice compliment for a picture I posted from a person I had never met!  How bad is that?

This is a clear example of how attaching an attribute like “Richfield High School” to my online identity does little good unless that attribute is unique enough to satisfy the need for which it was intended.  In this case, it fell woefully short!

But the app is in “beta” release – which automatically forgives all blatant errors, even if they strike at the very heart of the app’s driving purpose, right?

The Register: One Million Accounts Leaked in Megahack

Identity
Author: Mark Dixon
Tuesday, August 28, 2012
5:36 pm

The Register reported today:

Hacker collective Team GhostShell leaked a cache of more than one million user account records from 100 websites over the weekend.

The group, which is affiliated with hacktivists Anonymous, claimed they broke into databases maintained by banks, US government agencies and consultancy firms to leak passwords and documents. Some of the pinched data includes credit histories from banks among other files, many of which were lifted from content management systems. Some of the breached databases each contained more than 30,000 records.

The bad guys aren’t done yet:

“All aboard the Smoke & Flames Train, Last stop, Hell,” Team GhostShell wrote. “Two more projects are still scheduled for this fall and winter. It’s only the beginning.”

I repeat the final question of my last post, “If this data is so important to enterprises, what are they doing to really secure it?”

Personal Data, Clouds, and Operating Systems

Identity
Author: Mark Dixon
Wednesday, August 1, 2012
9:47 pm

This afternoon, I took an intriguing romp through several recent articles about personal data, clouds and operating systems – somewhat following on my recent exploration of Life Management Platforms, which fall into the same general category. I really like the emphasis on the term Personal. True personalization implies that I am able to leverage my identity to get more and more value from my online experience.

I started my little exploration with Drummond Reed’s recent post, Social, Local, Mobile, Personal, which led me to two posts on the Respect Network blog:

These posts in turn led me to an intriguing white paper, From Personal Computers to Personal Clouds, The Advent of the Cloud OS, written by industry luminaries Craig Burton, Scott David, Drummond Reed, Doc Searls, and Phil Windley.

A few items that really connected with me:

First, the following chart from Drummond’s post illustrates the progression toward a personal network or platform. That seems particularly relevant to me as Facebook, though social, is decidedly and increasingly less personal.  I would very much like to see concepts such as Life Management Platforms and Personal Channels emerge to give me more control over my information and interactions with others.

Second, I like the concept that Personal Channels provide “Volume Control” plus “Intelligent Filtering and Organization.”  I have become increasingly perturbed at the level of irrelevant noise on Facebook and Twitter.  To some extent, I can filter things down by using groups and lists, but it is cumbersome and very limited.

Third, the concept of a cloud operating system is powerful.  The ability to have a COS to handle services like Identity, Program Execution, Data Abstraction and Communication will enable much innovation and will be necessary to really deliver functionality like Life Management Platforms and Personal Channels.

However, unless someone can deliver infinite bandwidth to us all, I doubt that we will completely get away from the mobile device “calf” connected to the cloud “cow,” to borrow Craig Burton’s model.  Intelligence at the personal device OS level that is uniquely positioned to provide crisp, beautiful and functional user interfaces will need to be seamlessly integrated with powerful functionality and connectivity at the COS level.

After reading and trying to understand all this innovative thinking, I bumped into an article about app.net, a project which claims to be building a “different kind of social platform”:

We’re building a real-time social service where users and developers come first, not advertisers … We believe that advertising-supported social services are so consistently and inextricably at odds with the interests of users and developers that something must be done.

It sounds like the app.net platform will not only provide a “personal channel,” but a cloud operating system of sorts, where developers can plug in interrelated applications in a standardized way.  It doesn’t appear to possess all the qualities of a COS as defined in the Burton, et al, white paper, but perhaps it is a step in the right direction.  I signed up as an early adopter in hopes their project gets funded.

Life Management Platform: APIs for Push and Pull?

Identity
Author: Mark Dixon
Tuesday, July 24, 2012
2:34 pm

In my recent article about Life Management Platforms, I stated in the closing paragraph:

What the Life Management Platform concept really needs to move forward is definition and demonstration of a set of open, secure APIs to implement “informed pull” and “controlled push” information sharing capabilities for real.

Acting on advice from Dave Kearns, I pinged Martin Kuppinger and Craig Burton to find out if anyone was working to specify such APIs.  Craig suggested that I take a look at the Evented-API specification written by Sam Curren and Phil Windley, which calls for event generators and consumers to interoperate in a loosely-coupled fashion.

So, in response to Craig’s suggestion, I prepared the following diagram to illustrate my high level take on how the Evented API concept might work with a Life Management Platform to deliver some real value.

In this use case:

  1. Multiple financial institutions with which I do business (e.g. banks, credit card companies, mortgage companies) could publish financial transactions (either singly or in sets) via event generators.  My employer could publish pay slip information in a similar fashion.
  2. The Life Management Platform could receive this information via appropriately-authorized and secure event consumers.  These would be “Informed Pull” transactions.
  3. The Life Management Platform could in turn publish all or parts of the financial data collected in this manner as “Controlled Push” events which could be consumed by my personal financial management system.
  4. I could then manipulate the data as necessary.  Summary data might be published as an event and consumed by the Life Management system in an “Informed Pull” fashion.
  5. The summarized information or parts thereof could be made available via a “Controlled Push” event to a computer system used by my CPA to prepare my taxes.
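One way to model the five steps above in code, as an added example that is not from this post or from the Evented-API specification: a toy event bus in which “informed pull” subscribers must be authorized for the exact fields they request, and “controlled push” deliveries are filtered by a per-recipient policy chosen by the data owner. The topic names, field names and sample events are constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    topic: str
    payload: dict

class EventBus:
    """Minimal broker standing in for Evented-API event generators and consumers."""
    def __init__(self):
        self.grants = {}   # (consumer, topic) -> fields the data owner has authorized
        self.subs = {}     # topic -> [(consumer, requested fields, callback)]
        self.audit = []    # (topic, recipient, fields actually delivered)
    def authorize(self, consumer, topic, fields):
        self.grants[(consumer, topic)] = frozenset(fields)
    def subscribe(self, consumer, topic, fields, callback):
        # "Informed pull": the consumer names the fields it needs and may subscribe
        # only if the owner has authorized that scope for it.
        allowed = self.grants.get((consumer, topic), frozenset())
        if not set(fields) <= allowed:
            raise PermissionError(f"{consumer} may not pull {set(fields) - allowed} from {topic}")
        self.subs.setdefault(topic, []).append((consumer, frozenset(fields), callback))
    def publish(self, event):
        # Each subscriber receives only its authorized fields; the rest never leaves the source.
        for consumer, fields, cb in self.subs.get(event.topic, []):
            minimized = {k: v for k, v in event.payload.items() if k in fields}
            self.audit.append((event.topic, consumer, sorted(minimized)))
            cb(Event(event.topic, minimized))

class LifeManagementPlatform:
    """Collects events by informed pull, then shares summaries by controlled push."""
    FIELDS = {"date", "amount", "category"}   # never account numbers or SSNs
    def __init__(self, bus):
        self.bus, self.records = bus, []
        for topic in ("bank.transaction", "employer.payslip"):
            bus.subscribe("lmp", topic, self.FIELDS, self.records.append)
    def summarize(self):
        totals = {}
        for e in self.records:
            c = e.payload["category"]
            totals[c] = totals.get(c, 0.0) + e.payload["amount"]
        return totals
    def push(self, recipient, policy):
        # "Controlled push": the owner decides which summary keys each recipient gets.
        shared = {k: v for k, v in self.summarize().items() if k in policy}
        self.bus.audit.append(("lmp.summary", recipient, sorted(shared)))
        return shared

def run_scenario():
    bus = EventBus()
    for topic in ("bank.transaction", "employer.payslip"):
        bus.authorize("lmp", topic, LifeManagementPlatform.FIELDS)
    lmp = LifeManagementPlatform(bus)
    # Constructed sample events; the generators carry more than the LMP is allowed to see.
    bus.publish(Event("bank.transaction", {"date": "2012-07-01", "amount": -120.0, "category": "mortgage", "account": "1234-5678"}))
    bus.publish(Event("employer.payslip", {"date": "2012-07-15", "amount": 3000.0, "category": "wages", "ssn": "000-00-0000"}))
    lmp.push("finance-manager", {"wages", "mortgage"})   # full summary to my own tool
    cpa_view = lmp.push("cpa", {"wages"})                # the CPA gets only what the policy allows
    try:                                                 # a consumer without a grant is refused
        bus.subscribe("cpa", "bank.transaction", {"amount"}, print)
        rejected = False
    except PermissionError:
        rejected = True
    leaked = any(k in e.payload for e in lmp.records for k in ("account", "ssn"))
    return {"summary": lmp.summarize(), "cpa": cpa_view, "leaked": leaked, "rejected": rejected, "audit": bus.audit}
```

The audit list is the piece a real platform would need to expose to the owner: it records, per delivery, exactly which fields reached which party.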

What do you think?  Is this a reasonable use case for a Life Management Platform?  Is this the way Evented APIs are supposed to work?  Any ideas or critiques would be most appreciated.

Cloud’s Biggest Risks?

Identity
Author: Mark Dixon
Friday, July 20, 2012
9:14 am

The following excellent infographic produced by AMD Cloud Computing Research shows some interesting statistics about the adoption of cloud computing, based on AMD’s Global Cloud Computing Study.  I was interested to see that while 60% of respondents say they are currently using some form of cloud computing, 63% of respondents specified Security as the biggest risk.

Enjoy!

(Infographic: Cloud Computing)

Oracle Identity Management 11g R2: Securing the New Digital Experience

Identity
Author: Mark Dixon
Thursday, July 19, 2012
9:15 pm

Today, the 11g R2 version of the Oracle Identity and Access Management platform was formally announced, with the tagline, “Optimized to Secure the New Digital Experience.”

We in the information security organizations of Oracle have been waiting anxiously for this announcement.  This week, the North American Sales and Sales Consulting organizations gathered in Santa Clara, CA, to be trained in this exciting new set of products.

There are three major reasons why I believe this announcement is a big step forward for our customers.

First, this release delivers advanced functionality that gives really compelling business reasons for existing Sun Identity Manager customers to migrate to the Oracle Platform. It is no longer an issue of “moving from point A to point A in functionality,” just to get on the Oracle platform before premium support expires for the Sun product.  It means moving to the Oracle platform to leverage really innovative capabilities that will accelerate business value.

Second, this platform brings to reality a dream we were promoting at Sun as part of Project Destination way back before the Oracle acquisition: integrating Identity and SOA technologies to deliver “highly personalized, identity-enabled, blended applications on mobile devices.”  The new Mobile and Social capabilities and Secure API functionality added to the Oracle Access Management platform provide a fully-integrated platform to deliver such functionality more easily and more securely than ever before.  Back at Sun, many of our customers adopted the vision we espoused, but making it happen was pretty hard work.  Now, the Oracle Access Management platform does all the heavy lifting for us.

Third, this release shows continued, significant progress towards Oracle’s vision of a truly integrated, service-oriented architecture for Identity and Access Management.  No longer is the Oracle suite just a nice collection of acquired products.  From my perspective as an Enterprise Architect, it is great to see the convergence of data models, functionality, administration services and architectural components.  It is the simplification and streamlining of architecture that will ultimately solve the complexity our customers face.

So, it will be great to work with our customers to show how they can leverage this great platform to meet their business needs. Saddle up for a great ride!

Life Management Platforms: Informed Pull and Controlled Push

Identity, Privacy
Author: Mark Dixon
Wednesday, July 11, 2012
11:24 am

I have been intrigued by the potential emergence of “Life Management Platforms” as described in the Kuppinger-Cole advisory note, “Life Management Platforms: Control and Privacy for Personal Data.”  The concept that particularly interests me is integration between systems that would allow controlled sharing of information, using principles Martin Kuppinger describes as “informed pull” and “controlled push.”

Life Management Platforms are far more than Personal Data Stores. They not only support a secure store for sensitive personal information. They allow making a better use of that information. The real value lies in the sharing of that information supported by Life Management Platforms. …

These concepts are like two sides of the same coin. Furthermore they are the essence of why Life Management Platforms are far more than just a store of personal data. Storing personal data is just a little piece of the value proposition of Life Management Platforms. And just sharing this information by allowing some parties to access it without further control and without keeping a grip on that data is also not what really makes a Life Management Platform. That would be nothing more than a social network with some better access control capabilities.

The key capability of Life Management Platforms is the ability for exactly the two concepts mentioned. This is about using new types of privacy-aware apps which allow making use of sensitive information in a way that provides value to the owner of that sensitive information.

I can think of dozens of ways this could immediately help me in my life, in addition to the many that Martin included in his report.  For example:

  1. Twice each month, I download an electronic copy of my payslip and manually transcribe key bits of information from that unstructured report into the money management program on my personal computer.  Wouldn’t it be great if I could do an “informed pull” of that information in a way that would automatically transfer selected data from my employer to my money management program, just like I do from my bank and credit card vendors?
  2. Each year, I assemble a bunch of information to give to my accountant to prepare my tax return.  Wouldn’t it be great if I could use a “controlled push” of such information from my computer to his?
  3. I recently visited a new dentist.  Wouldn’t it be great if I could have used a “controlled push” of my profile and medical history to their system, rather than fill out yet another set of paper forms?
  4. We recently had a great time with all of our six children and their families at a family reunion in the White Mountains of Arizona.  Wouldn’t it have been great to post addresses and lodging details once and let each member of the family do an “informed pull” that automatically populated their mobile phone calendars, address books and GPS units?

And the list of possibilities could go on and on.  Many industries could benefit from this concept – healthcare, financial services, travel, hospitality and many more.

I like some of the emerging systems from vendors Martin mentions, but each has its challenges.

As its name suggests, Personal.com is a useful application for storing personal information.  In its current state, it is kind of like Evernote for structured data – an ability to put personal data into secure “gems” that can have any number of attributes, and have those gems available either on a website or on my mobile phone.  It has the ability to share gems with other personal.com members or with non-members via email (if you dare use that insecure medium).  However, personal.com lacks the structured data exchange between applications that is essential for the use cases I mentioned above.  It even suffers from a disturbing lack of data exchange internally.  For example, if I fill in a business card “gem” with my name and contact information, that data isn’t available to help me fill in somewhat related gems, such as passport, driver’s license or social security card gems.

I like the concepts behind connect.me.  Reputation is indeed an important attribute of my identity.  However, I haven’t found a practical use in my life for the service or something like it.  Having a way to use “controlled push” of my reputation to consuming applications may make it more useful.  But I am definitely monitoring their progress, and patiently awaiting their new product launch.

I have enjoyed reading through the QIY website – particularly about their efforts to forge relationships with companies that are interested in working with personal data in an integrated way.  Unfortunately for me, a life-long monolinguist, I don’t know enough Dutch to sign up for the QIY consumer website.

So, it is great to see progress in this area.  What the Life Management Platform concept really needs to move forward is definition and demonstration of a set of open, secure APIs to implement “informed pull” and “controlled push” information sharing capabilities for real.  Then, personal data platforms and related applications that produce and consume structured data while protecting both privacy and personal control could flourish.

Oracle Event: Database Enterprise User Security

Identity, Information Security
Author: Mark Dixon
Wednesday, June 20, 2012
2:31 pm

One of the high-value benefits of an integrated Identity and Access Management platform is the ability to leverage a unified corporate directory as the primary authentication source for database access.

On July 11, 2012 at 08:00 am PDT, Oracle will host a webcast showing how Enterprise User Security (EUS) can be used to externalize and centrally manage database users in a directory server. The webcast will briefly introduce EUS, followed by a detailed discussion about the various directory options that are supported, including integration with Microsoft Active Directory. We’ll conclude with how to avoid common pitfalls deploying EUS with directory services.

Discussion topics will include:

  • Understanding EUS basics
  • Understanding EUS and directory integration options
  • Avoiding common EUS deployment mistakes

Make sure to register and mark this date on your calendar!

The Linked Data Strategy for Global Identity

Identity
Author: Mark Dixon
Thursday, March 15, 2012
11:38 am

A colleague recently shared an interesting article with me.  “The Linked Data Strategy for Global Identity” by Hugh Glaser and Harry Halpin focuses on dealing with “the Identity problem in the context of linked data.”  Unfortunately, there is a charge to buy the article, but here is an overview.

The topic is introduced this way:

Identity is easily one of the most difficult research areas on the Web and Semantic Web, and one that needs both practical solutions and multidisciplinary research. Identity is how to refer reliably to anything, abstract or more concrete, over time and space, and in different contexts. We’re used to identity being quite simple, as your name easily refers to you when another person is speaking to you. Yet on closer inspection, and at a Web scale, identity is quite tricky, as when you type your name into a search engine and see that it can refer to many other people in different contexts.

I can identify with that problem – there are many “Mark Dixons” in the world who are far more famous than I.  For example, I am quite sure that “Emmy-nominated and AP Award winning Channel 3 Early Warning Weather Meteorologist Mark Dixon” is not the author of this blog.

The whole topic of Linked Data is fascinating to me.  A Wikipedia article on the subject states:

Linked data describes a method of publishing structured data so that it can be interlinked and become more useful. It builds upon standard Web technologies such as HTTP and URIs, but rather than using them to serve web pages for human readers, it extends them to share information in a way that can be read automatically by computers. This enables data from different sources to be connected and queried.

Again, I can relate … there exists a myriad of data about me on the Internet, some published by me and some by others.  It is really very disjoint and often unconnected.  If people poke around at the information, they may be able to relate disparate items because they recognize my photo or other descriptive attributes.  However, it would be very difficult for computers to automatically relate all the different items. (That might not be such a bad thing in many cases.)

After exploring a few alternative approaches to this thorny problem, the Global Identity article concludes:

The entire bet of the linked data enterprise critically rests on using URIs to create identities for everything. Whether this succeeds might very well determine whether information integration will be trapped in centralized proprietary databases or integrated globally in a decentralized manner with open standards. Given the tremendous amount of data being created and the Web’s ubiquitous nature, URIs and equivalence links might be the best chance we have of solving the identity problem, transforming a profoundly difficult philosophical issue into a concrete engineering project.

It will be interesting to see what progress is made on this issue in upcoming years.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.