e-Trust

Is 1984 a step closer?

2011-03-18T13:54:00.003Z

A debate this week in the House of Lords, does not appear to have hit the UK broad sheets. Some may think that it was of little consequence, as it was simply the UK choosing to sign up for the idea that Passenger Name Records should be kept for ALL Pan-European flights in a massive European Travel Register. Lord Hannay in his own opening speech, promoting the motion, stated that it was a "considerable invasion of privacy".
The declared goal is the standard "protect us from terrorists" mantra, the negative or unexpected consequences of such a large database being available to all European Governments are not apparently being included in the decision. This is especially concerning as it is also likely that the US Government and other Foreign States may gain access to the database by fair means or foul.

Let's consider a few "Abuse Cases":
Simply by tracking the flights of the CEO's of all the major European companies a Foreign State, could glean significant information about potential mergers and acquisitions.

As The Earl of Erroll pointed out in the debate a Foreign State could acquire information about the travel companions of key leaders of Industry, or other Foreign States, that could in turn be used to blackmail or pressure said leaders.

Given the attributes to be stored will include passenger financial data, the database could be the cause of a massive exposure of Credit Card details.

As The Earl of Erroll also points out if we were concerned about the dangers of a National Identity Register, why would we not be concerned about the dangers of a European Travel Register that arguably will hold even more detailed information.

The record of large government organisations when it comes to protecting the private records of its citizens have not been shown to be the highest. Just how access to such sensitive data would be limited to those exploring Terrorism or Organised Crimes is not clear.

What's next? The recording of all train journeys across borders, and then car journeys, and then...?

Should we not all be as concerned the Earl of Erroll?

2011-02-27T23:51:00.002Z

I was in a EURIM meeting last week discussing the importance of establishing an Identity Governance Framework that would help set the direction of regulations and other key components that would enable the development of an e-Identity Infrastructure. All those present believed in the importance and value of such an Infrastructure, there was whoever one aspect that did not seem to have universal agreement.

Basically it came down to the need for a Universal Identifier that would be owned by Governments.

In this case we were talking primarily of the identity of Citizens. I responded very clumsily to what seemed to be a proposal to tie such an Identifier to the Identity used for voting, it turned out to have been tied through the Registration process, my visceral reaction remained. I mumbled my concern without clarity.

Today I was in reminded of the Lord of the Rings and its relationship to this problem. I declare myself to be a Hobbit who sees the creation of the Rings (of Identity?) as something to be feared, especially the One Ring, the one that binds all the others together.

The forces that would have us believe that a Universal Identifier should be created by governments in order to protect us from thieves and terrorists, are not being fully transparent with the potential negative impacts, partly because the law of unintended consequences is so relevant in this space, but also they don't want to declare their own intents.

Let's remember what was inscribed inside the "One Ring"

http://en.wikipedia.org/wiki/File:One_Ring_inscription.svg

One Ring to rule them all,
One Ring to find them,
One Ring to bring them all,
And in the darkness bind them.''

A chilling reminder, for those that understand the message that Tolkien was sharing with us.

Basically it is a question of Primacy, who owns the Identity of an Individual?
Some would say the State, I would say the mature and sane Individual
I was sure this right would be enshrined in "The Universal Declaration of Human Rights" but despite reading and re-reading the articles I found no clear declaration, while Articles Three and Six touch on the concept. The right to own ones Identity is not explicitly stated.

The first Jericho Forum Identity Principle (under development) addresses this topic it currently reads:
PRIMACY: Invisible Root Identity – The privacy and integrity of a core “Identity” is ALWAYS safeA Root Identity must be uniquely and permanently connected with an Entity/Principal and must NEVER need to be disclosed.

Rewritten as a new Article 31 of the The Universal Declaration of Independence it would read:
Everyone has the right of primacy over their Identity, no State, group or person may usurp that right.

From Silo to .....

2011-01-11T10:09:00.001Z

The shift from being a silo focussed Enterprise, to a Deperimeterised one is NOT a simple task. The primary reason for this is that it involves a tectonic shift in all the key components of an organisation, including all those that relate to each of the major domains of People, Process and Technology, in short everything must change.
The Culture of the organisation must change from top to bottom, this shift involves moving from a "Do It Ourselves" to a "Do It Collaboratively" approach. In Information terms this means moving from keeping Information to ourselves, to sharing information with others. This leads to the need of a fundamental shift in governance systems, meaning that the systems that govern the direction of, and behaviours in an organisation often need to be reversed, and certainly re-designed. The implications of the importance of this part of the "shift" can be seen in the failure of many organisations trying to make the shift. Business Leaders making this change understandably feel nervous and as a result resort to taking up the governance reins, hoping that they will be able to effectively steer their organisation throughout the change. Empowerment is the first thing to suffer with this approach, as this behaviour is observed and replicated down through the leadership ranks, and yet Empowerment is one of the most important success factors in making this change. This results in a failure to appreciate which of the many unknown processes in an organisation are key and which can be eliminated. My own view of the failure of Michael Hammer's Re-Engineering of Enterprises in the 1980's stemmed from the basic fact that the Leaders of an organisation of any reasonable size have no way of being able to understand all of it's processes. Especially as so many of those processes are "unknown" and certainly undocumented. (The most successful re-engineering exercise I was ever involved in occurred in France, where an enlightened leader, whilst using an external consultant, insisted that all of his staff were involved in the re-engineering exercise, unfortunately the effort were supplanted by a "Top Down" change that was Global resulting in a 400% loss of productivity.) Changing the business processes of a silo based organisation to deliver the needs of a Deperimetersed one, is not a trivial exercise, and certainly not one that can be achieved incrementally. For few organisations understand all the processes that they operate, let alone the Information Assets that are key to these processes. Our inability to manage the vast amounts of information that modern Enterprises produce inevitably leads to the use of Information Technology, and here-in lies the tail that wags the Corporate Dog. Advances Information Technology has lead to an amazingly powerful tension driving organisations towards Deperimeterisation. Cloud based services, being simply the latest of these advances. Consumerisation is another of these technology mediated tensions.

I am reminded of a challenge in one of the many corporate team building exercises that I have had the pleasure of engaging in. This one had me dressed up in massive amounts of padding, connected to bungy cord and then told run up a padded aisle to see how far I could get. The weird experience of having the bungy cord decide that I had come far enough and drag me flailing back to the start must have been designed to teach me something, though I can't remember what.
in the case of the Silo based Enterprise, the bungy cord is Deperimeterisation, and no, it is not connected to the other side of the Grand Canyon but to the Moon. in the words of Eric and Ernie, "Get out of THAT without moving!"

The good news is that Mankind has demonstrated our ability to get to the Moon and back. Is your organisation ready to demonstrate the capabilities needed to achieve this shift? If it is small and agile, then likely yes, if you are in a large organisation here's hoping you have a charismatic leadership team with Vision, who believe in Empowerment.

To those expecting the word security to appear in the body of this article, on September 12th 1962 did Kennedy use the word Security in announcing the endeavour that relied upon Security at every step?

"We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too.". http://www.historyplace.com/speeches/jfk-space.htm

Will your organisation choose to go to the Moon or will it be dragged there flailing? One thing I will say is; your ability to treat Information as a valuable asset is going to be fundamental to your success, with a rethink of "Identity, Entitlement and Access Management" being a crucial early step, but that's another blog!

Mac App Store introduces the opposite of Shop Lifting

2011-01-09T21:00:00.003Z

The opposite of Shop Lifting would be called something like Wallet Snatching.

With the new functionality introduced by the 10.6.6 upgrade the Mac App Store introduces the unwary to a new means of losing their money. The App Store used by iPhone, iPod, and iPad owners has a two click to purchase interface. With Mac App Store, Apple have introduced, an arguably devious, means of increasing sales by eliminating the "Are you sure?" Click.

This seems like a minor deal, but you must remember that the Terms and Conditions of App Store basically says when you have bought it it's yours and there is NO means of getting your money back apart from going to the developer of the software.

I am not a lawyer but I believe that Apple have successfully driven a coach and horses through the sale and purchase of goods Act, which clearly states that it is the seller, not the manufacturer, who is responsible if goods do not conform to contract.

This coupled with the fact that the App Store was not built to be secure from the developers perspective is a reason for developers who value their brand and their profit to steer clear from the App Store.

A recent incident I experienced with the SlingBox App has damaged Sling Medias brand in my eyes and certainly means I will be doing no more business with them. I also aim to stop as many of my friends as possible from buying Slingboxes. This arguably all stemmed from Sling Media's use of App Store, and hiding behind the Apple's decision to ignore the Sale and Purchase of Goods Act.

CAVEAT EMPTOR is even more important when it comes to doing business with Apple.
I think that may be assuming that they are above the law!

Yippee! End to End Secure FaceBook

2011-01-09T12:51:00.001Z

"A step towards being my Identity Service Provider"

In the wake of FireSheep and the ability of coffee shop squatters to harvest authentication cookies from insecure WiFi Networks, and gain "one click" access to FaceBook accounts, FaceBook have started up a new way of accessing FaceBook. With the launch of https://ssl.facebook.com/ one can now have their authentication cookie, and all other data, securely transferred to and from FaceBook. While this does not solve all of FaceBook's security issues, (after all they still use Username and Password for account access!) it is a very important step. All FaceBook users should shift to this means of accessing FaceBook. Currently, it is still in a testing phase the service will be more broadly promoted in coming months.

So to benefit from "end to end secure FaceBook" change your FaceBook bookmarks now, I have!
Now all I have to do is figure out which of the many applications I use to access FaceBook use this secure protocol.
Anyone have a list?

This is a welcome step, and if FaceBook continues in this vein, I will be happy to expand my use of them as my Identity Service Provider. Recently they are more openly about positioning themselves as an Identity Service Provider, they are choosing to gain the position by slowly on FaceBook App at a time. More importantly they have the potential to gain the trust of Enterprises as an Identity Services Provider. They are more likely to achieve this status, if they comply with all the Jericho Forum Commandments.

There are some additional services and capabilities that would help me make this step. What am I missing ?

1) A revised authentication infrastructure that eliminates the use of Username and Password as the prime method of Authentication to FaceBook

2) An easy to manage Security Dashboard that allows me simple oversight and control over my web based Identities

3) A Security Monitoring Service that has the capacity to alert me when my data is being harvested, or misused

4) A means of more finely selecting which of my data I want to share with specific services that use FaceBook Connect
(Currently it is a binary decision, often "All or Nothing", with little ability to negotiate)

5) Methods of enhanced authentication, which I can choose to use for specific services that I may choose to use FaceBook Connect with.

6) Various Methods of warning when specific events, of my choosing occur. I would see three levels "Alert Ferocity"
a) Poodle: Just giving you the heads up
b) Jack Russel: Seriously annoying until you accept the alert
c) Pit Bull: Will fight to the death to get the alert through to you, no matter the cost

7) An ability to apply varied levels of friction to information flows that I can select for different types of data, or specific data elements.
a) Open = No friction, Anyone has access
b} Closed = Limited Friction, Many have access, though it is easy to share with others
c) Combination Locked = Serious Friction, fewer have access, but it is difficult to share with others
d) Key Locked = Ultimate Friction, few have access, and I am informed when they access

8) A Transaction Dashboard that allows me oversight and control of my ALL web transactions, this service will only be possible after FaceBook has really proven their ability to look after my interests.

Clearly, I expect others, not just FaceBook, to be aiming to provide these identity services and this list equally applies to them. Some providers will have more complete and robust services, others will not provide the complete range of robust and trustworthy

Source of key elements in this blog
http://technologyreview.com/printer_friendly_article.aspx?id=27027

Abstract Thoughts on "Information Friction"

2010-12-18T01:10:00.004Z

The problem appears to be growing worse! Information Technology is becoming like a silicon spray reducing Information Friction to the lowest levels ever. The issue is simply that it is easier than ever to accumulate vast amounts of information and distribute it globally and instantly with little effort. The consequences of the reduction in Information Friction, are both positive and negative. The dilemma is that while individuals are pleased to give up their information to a specific organisation for a specific gain, the organisations do not always keep their side of the bargain. On the other hand the more Enterprises are intent on keeping information restricted, the more valuable it is for Insiders to share it, with the resulting phenomena of Insider Senioritisation

As was recently identified by the ISSA in their http://www.issa-uk.org/whitepapers/ISSA-UK-InformationSecurity-TheNextDecade.pdf chaired by David Blunkett at the Houses of Parliament and commented upon in David Lacey's Blog; The world needs much more innovation in Information Security. Perhaps it is time to look to the Jericho Forum Command,emts for inspiration; how might they suggest we should approach putting the friction back into Information Flow, and who should be in control of the lever that applies said friction?

I will be researching these questions in my work on Next Generation Identity (or should that be Access?) Management for the Leading Edge Forum

I am very interested to hear from those who has some ideas.

The main three problems
Behaviour Change, Behaviour Change, and Behaviour Change as it is truly "all about them" where "them" are the users!

How does one mke it :
Harder to accumulate large amounts of information
Tougher to deny ignorance of knowledge
More difficult to distribute large amounts that your are not supposed to have

In short how can we put the Resource Owner in charge of the resource. nigh on in real time

UNDER CONSTRUCTION, but feedback welcome

FaceBook & Privacy

2010-07-21T19:35:00.002+01:00

I hate how FaceBook thinks that people's actions are theirs to share!!!
=========================
"Adrius, Who's Missing?
Willie, Freda and Hollie have tried the
automatic Friend Finder and found out."
=========================

Funny how I know the three of them. This is FaceBook basically "telling" me that they are inconsiderate individuals who think that sharing the contents of their address book with FaceBook is not a Privacy issue.

I bet they thought that they were doing it quietly.... you know under the radar ....no such luck folks!!!

"FaceBook sneaked on you!!!"

At least I didn't post your photos here... like FaceBook did, to make it really clear WHO was being inconsiderate!!!

Doh! I bet you suspect I just made the same mistake as FaceBook....

Actually, I changed the names to protect the innocent, I mean inconsiderate!!!

Where do I interact on the web?

2010-07-14T15:16:00.002+01:00

No, seriously! Where? This morning I awoke with a nagging thought that somewhere on the web, I was in the middle of a conversation, in fact, a number of conversations. Clearly by losing track of these conversations, I was potentially being rude, but worse wasting my time and the time of others! Then it struck me that is one of the meanings of "weak ties", not only do the "weak ties" relate to the strength of the link between individuals, it can relate to the strength of the link between an individual and the application or service in which they start a conversation. Ultimately, it relates to the weak ties between an individual and the conversations that are started, What has this to do with the Jericho Forum? I have only just realised that Deperimeterisation is a much broader force being caused by the inexorable evolution of the world wide web, than I had previously grasped. A force very strongly related to that word I can never remember but happily have for this blog: ENTROPY! It does NOT just relate to an Enterprise or Organisation, the force can and does apply to a much broader set of domains. Some examples that are broader than Organisational Deperimeterisation:
Individual Deperimeterisation
The result or implications of information boundaries dissolving around an individual.
Geographic Deperimeterisation
The result or implications of information boundaries dissolving around specific geographic areas (Home, City, County, Country, group of Nations)
Conceptual Deperimeterisation
The result or implications of information boundaries dissolving around Trusted Concept Containers.
News Deperimeterisation
The result or implications of information boundaries dissolving around Trusted News Containers.
What are concept or news containers?
I can answer what they used to be, in their perimeterised form, much more easily than describing their evolving future !
Encyclopaedia Britannica was an old example of a concept container that could be trusted. They are exemplified by a number of old style "publications": Books, Peer Reviewed Papers, Magazines
Whereas News Containers or the recording of current history is also easier to exemplify in their perimetrised form. The Times or the Washington Post being two examples of perimeterised News Containers. Julian Assange's WikiLeaks being an example of an evolving deperimetrised news container?
(Read Stephen Moss article in G2 14.07.10 Darn that's one of those perimeterised containers, so you will find it hard!)
Deperimerisation is occurring across MANY domains simultaneously, we are in a massive transition!
I don't envy the lawmakers as they try and legislate for this change.
So finally back to my realisation that my conversations were being deperimeterised. I have come to understand that my deperimeterised conversations are not solely my responsibility! Which is certainly not where I started this blog. For such is the power of weak ties, it brings such things as concepts together good ideas naturally clump! So conversations that are important will take on a life of their own, though I have a sneaking suspension that another force is at work in this space that lowers the tone and import of conversations. So an important question for our future will also be: In a deperimeterised world how will we keep avoid sinking to the lowest common denominator. That has always been a challenge for humanity. SO I must own the type and level of conversations I join in.
Thus our challenge as Human Beings is to BE the concept! But that still leaves me with this nagging doubt that I am part way through many conversations, but there-in lies the power of "Weak Ties!" It's perhaps part of the reason I will be drawn back to them, for like all good weak forces they work over tremendous distances!!! Considering the different types of Deperimeterisation, each of the types have different implications that need to be handled by the relevant "authorities"???
But hold on isn't Authority being deperimeterised also? Yes, but that is a topic bigger than this blog!

.... Come to think of it Lawmaking is being deperimeterised also, what will THAT mean?

In the meantime, how can I better manage my virtual conversations?

It is NOT all about the devices and the Networks!

2010-07-06T17:51:00.001+01:00

It's actually about connecting the right people, groups, and enterprises to the appropriate data, informs, knogs and services! It's ages since I've seen or heard those words. For the life of me I cannot remember who wrote them. It wouldn't surprise me to find that it was something to do with Index, and the folks surrounding Michael Hammer. But Google has let me down, I only get stuff about a cycling or a Spanish radio station! Back then we had the idea of knowledge management; the hierarchy of data, informs and knogs were clear (informs are units of information, where-as knogs are units of knowledge, often described as all the elements needed to make a fundamental decision), services were still hazy back then too! The problem was that we hadn't really figured out that the devices and networks were crucial foundation pieces. Knowledge Management on a "green screen" in a data center didn't really hack it. However, now that we have the devices and the networks largely in place, that should allow us to start thinking again about moving our application development thinking from the application or silo mode of IT to the knog and service mode. So, why do we seem to be stuck in the old frame. Many moons ago I was introduced to a concept called "soup". Does anyone remember the Apple Newton? It was trying to be a ubiquitous device that could connect people to knogs. It failed for a number of reasons, not least the jokey battery life, and its inappropriate focus on handwriting recognition, heck!, I can't even read my own handwriting! What it DID have was this concept of a "soup" that applications and services could dip into, create and manipulate. At least, that's what I hoped it was, until I watched how the app developers turned the knogs back into their own, proprietary like, stagnant ponds of stunted and partially formed knogs. Of course it's easier to write apps when only your app needs to understand its own data. The very idea of every app being able to, or needing to understand all data is clearly ludicrous, but surely every app should understand data relevant to all apps like it, or similar. Why do developers insist on storing data that only their apps can understand. Oh, wait a minute you don't mean that they do it for app or vendor lock in purposes do you...Or is there another reason?? I guess they just don't understand the power of the Ocean! For the "Ocean" is a new mega collection of Soups, and is far more powerful, and for that matter far more primeval! Especially as this new huge Ocean is growing a set of Informs that are increasingly described by RDFa, that can be accessed by these huge new and ever expanding Social Groups that could be described by FoaF. I don't have Martin Birbecks dream of having ever more people writing apps, I just want the ones that do, to write apps that understand the Ocean of Informs and can connect to the ever expannding Social Groups. (Assuming of course we don't all lock ourselves into FaceBook.) There are solutions that are starting to be populated in this emerging Semantic Layer by knogs described in RDFa and People described by FoAF. (Perhaps Diaspora will show the way?)

Now all we have to do is help folks make the shift.... Doh!!! I just realised that quite apart from the new application development mind set we need to engender, we can't yet make the shift, as there IS still another layer needed above the Devices & Networks, and above the Semantic Layer, before we can start connecting the People & Knogs. A ubiquitous Entitlement Layer, for it is a MUST, as that would be the bit that made the initial statement possible. As it did not read connecting ANY people, groups, and enterprises to ANY data, informs knogs and services!

This reminds me of a Vison I once helped write:

Extend Human Capability and
Promote Global Collaboration by
Providing Continual Natural Access to
People and Knowledge

It should have read:

Extend Human Capability and
Promote Global Collaboration by
Providing Continual Natural Access by the right
People to the appropriate Knowledge

But I was younger back then, and a lot less wise....

.. but I am still not yet wise enough to wave a magic wand and have ubiquitous autonomous knogs in play today!

Unclean!, Unclean!, Unclean!

2010-03-15T07:58:00.004Z

There is something very wrong with the currently proposed legislation, which focuses on the actions of the citizens at the end of the digital pipe. The greater crimes, being enabled by the ISP's, are not those being focused on by the special interest groups.

Let's jump back in time to a famous water pump near a London Pub, this particular pump was contaminated with the Cholera bacterium and was killing off the citizens of London. If the currently proposed approach were to have been taken in 1854, then those that had caught Cholera from the Broad Street pump would have been denied the right to take further water from the pump. Clearly anyone not yet infected would be welcome to drink from the poisoned source. The death toll would have been horrendous!

Similarly, the flow of unclean bits is the root of the most critical problems we face on the internet, a fact that is clearly not the focus of those that would protect the wealth of the old "Publishers". Unclean bits are those bits that carry the malware, that create botnets, that steal our privacy, often our identities, and worse our wealth, but always our bandwidth! Legislation should focus on ensuring clean bits, just like the legislation of Clean Water after the Cholera Outbreak. The basic fix back in 1854 was the clearing out of the cesspools, which improved the cleanliness of the water from the pumps.

We can learn from history, the 1852 Metropolitan Water Act and "The Grand Experiment" maybe useful. Perhaps if we connect a large number of citizens to the fetid internet connections they currently enjoy, and an equal number to a connections that are "e-pure" and evaluate the results. We will come to the similar conclusion to that John Snow spent his life campaigning for, "Clean Bits are good for the citizens of cyber space"!

It is likely if we have the ISP's focus on the digital cesspools and not the activities of the citizenry, then the internet will continue to grow to be the greatest revenue generator we have ever known. It will not, however, if we try and constrain it with copyright rules designed for previous centuries. The Jericho Forum would call this thinking Macro-Perimeterisation, moving the management of information risk out into the Clouds.

The music industry should be enabling the flow of clean bits, for as figures are now showing the growth in digital music is now more than offsetting the loss of CD sales. The Featured Artists Coalition are the beginnings of moving the power and finances back to the creators and artists. The death throws of the old publishing industry and their attempt to impose their old models need to be managed with care.

Let's hope our legislators look to history for clues to solve this situation.

Two Corners of the Cloud Cube

2010-01-19T10:31:00.005Z

One interesting effect that can be observed at present is the polarisation occurring in the two extreme corners of the JF cloud cube.

In the Blue Corner characterised by the elements; Internal, Proprietary, and Perimeterised are the Infrastructure teams of many organisations who are saying
"We can do Cloud! look a Virtual server called into being in less than 5 minutes....
clever us... you don't need the outside Cloud anymore stick with us!"
(Oh and by the way the outside cloud is a scary place if you stay inside our silo you can "feel" more secure!)
These are often called Private Clouds, the US Govt G-Cloud is a prime example, watch out for the emergence of the term E-Clouds, meaning Enterprise Clouds.

In the Green Corner characterised by the elements; External, Open (Though there are still substantial remnants of Proprietary) and Deperimeterised are the advocates of Consumerisation who are saying
"The Cloud is out there!, lets use it!
Why call into being a server when you can have a service?
Imagine how easy it will be to collaborate with the outside world!"

Why does this polarisation have such a critical impact on the collaboration opportunities offered by the Cloud.
The answer is simple if too many organisations are suckered into the Blue Corner then the powerfull collaboration opportunities of the Green Corner will be killed off.
There will be less reason for External Cloud based Identity Provider Services to be launched. All the enabling services will only be viable if the larger enterprises make the move to the deperimeterised parts of the cloud. It is clearly in the interest of the current providers to keep the Cloud Private.

The unfortunate result of the growing number of Private Clouds will be that the evolutionary leap will not occur the "mud skip will crawl back into the slime and continue to rely on its gills for oxygen".
We will all need to stick in our own little corporate ponds and the progress towards freeing Information and extending human capability will be stymied once again.

Happily the power of Consumerisation will likely provide a force for change, the Customers of these silo based organisations, have a voice and they are starting to learn how to use it.

FaceBook Privacy "<"NOT!">"

2009-12-25T21:48:00.004Z

The dastardly folks at FaceBook have repeated the same trick they have tried before, to take control of YOUR information! They have exposed the names of your friends to the world... They should be STOPPED!

If you are a teenager, then the folks at FaceBook have taken one of the most effective pieces of information that "nasty" folks could use to befriend you and made it available to them with out any warning.

They have made your Friends Lists available to those same "nasty" folks, despite how you had previously set the lists privacy! In effect THEY decided that everybody should share the names of their friends so they changed the roolz!

Happily a hue and cry from the great FaceBook Public persuaded them to enable your ability to make your Friends Lists sort of "Private".

HOWEVER you will not find the means of changing the Privacy of your friends list in the Settings page!!! You will need to click the pencil on the Home Page by the Friends List section. Then un-select the show friend list to everybody box that our FaceBook friends so kindly to set to YES!

Happily there is a website that explains it more clearly than I just did...

Thanks Avinash!

But if I were you I would look around for a Social Media site with a little more ethics!.

PARENTS
Think carefully about letting your offspring use FaceBook or for that matter MySpace
If you choose to let them, help them make sensible choices about their privacy settings. The reason is simple : Keep them Safe!

This problem is not new as this news report shows!
July 2006 CNET Page

CHILDREN
You will know some very security unaware Parents! Please help your Parents use Social Media sites carefully. For one very simple reason it will save you future embarrassment! Seriously!!! Do you really want that photo of your (Fill in the Blank) shared with the world.

Identity and the Black Hole

2009-11-19T21:28:00.004Z

There are many reasons for us to drive the e-Trust frame onwards and upwards, not least the implications of the loss of electronic trust. The impact of a catastrophic failure in e-Trust would be profound. Leaving the recent financial melt-down looking like a mere blip. I predict that one of the reasons for such a failure also provides the means of protecting against that same failure. That reason is the failure of electronic identity to appropriately protect the users of the internet from their fears. Identity Theft and other identity failures are occurring at an astonishingly more rapid rate. I posit that the public's ability to accept such failures has a very finite level and once the level is passed e-Trust will rapidly start to collapse. I propose that the response is very similar to the ability of Ethernet to accept "collisions", it works fine up to a point but once that point is exceeded the knee of the curve creates a sudden and precipitous drop in the networks responsiveness. A large number of users will accept a surprisingly large number of identity incidents but at a certain point the willingness to "e-Trust" will collapse in the populous.

This positited phenomena, simply positions the importance of expanding our ability to protect e-trust by enhancing identity across 5 domains: Applications, Enterprises, Devices, Users and Information as crucial to our economic well being..

In dialogue with Steve Greenham, I have developed a model for ascertaining "Identity" using the Digital Shadow of Users. Coupled with a shift to claims or attribute based access management we have the potential of creating a robust means of protecting e-trust.

In the same way that the location of a Black Hole can be identified, so to can the identity of a human be identified. In the case of the black hole it is by observing the phenomena that the existence of the black hole in a specific location creates. In the case of a human being, one can observe the "Digital Shadows" of the user and predict to the required level of confidence the identity of the user.

There are a number of intriguing challenges that will be documented later in this blog.

The present challenge is how to rapidly enable this approach. It will require the partnership of a large number organisations to put in place the capabilities that will allow us to avoid the precipitous collapse of e-Trust. For who knows where we are on the e-trust curve? Humanity has not been here before!

From Identity Service Provider to Identity Provider Service!

2009-04-21T14:14:00.005+01:00

I had the pleasure of meeting one of my identity heros at ESAF on Monday; Kim Cameron. It went well and truly made up for my trip to PARSIFAL, where I had been told he was going to present, I did however meet the EU Information Commissioner at PARSIFAL though, and discussed with him the importance of Cloud Based Identity. This initiated the seed growing.

At ESAF I also bumped into a number of other potential Cloud Based Identity Players. The result of the interaction with Kim created a massive brain explosion. The result two words swapped places. Seems such a minor result when stated like that! :-(
But Identity Service Provider became Identity Provider Service! (IPS)

Definition: An Identity Provider Service, is a Cloud Based Identity Service Model that allows any individual, leader of a group or organisation to create identities for themselves or their members. Allowing the management of the Identities in such a manner that they can be simply used by and within the group or organisation, or can be raised to a level of trust whereby they can be consumed by third parties, and as a result the Identity Provider and Identity Provider Service can recieve a revenue.

The following Graphic attempts to capture the concepts that were borne in my mind, undoubtedly the result of reading what many others have written on the topic and watching the Dick Hardts Identity 2.0 Video (he's my other Identity Hero, how can I properly cite all the folks who helped create conditions for the two words to swap! My friends at the Jericho Forum undoubtedly played a key part, especially Steve, Paul and Andrew. I am confident that the LEF Cloud Study Tour also had an impact. So I lay these out for the world to consume in an OPEN Manner. In the hope that a new Identity Provider Service Model will result.

Imagine the three Customer, Professional and Organisation components as Blimps floating atop the Identity, Claims, & Access Management landscape. They will be populated with Personas with Claims that need to be verified. These claims could either be self asserted or verified in the "New Cloud based Identity Provider Service" approach ie the Scout Leader or the BMA said they were they accurate claims!

I see the Identity Provider Service being delivered at varying levels of trust, Self Asserted (Free), Group Leader Asserted (Free with Certificates), or Organisational Assertion (One Off Fee with Certificates), and Authenticated Organisational Assertion (higher One Off fee with additional means of authentication) Payment is made by the consumer of the identity in the latter two cases on a transaction basis (think credit card transactions) and this payment is split between the Identity Provider Service and the Identity Provider.

Expanding the example the Boy Scouts of America may choose to allow each Troop Leader to publish their own Troops Identity or negotiate a higher Trust Level with IPS and issue Certificated Authenticated Identities for which they will receive revenue when the Identities are used/trusted by third parties. The Identity Provider Service would operate like Mastercard/Visa charging a verification fee that rises dependant upon the the level of Claims being Made and the Risks involved in the transaction.

The British Medical Association could choose to issue an electronic identity to its Doctors using this Identity Provider Service approach and recieve a revenue from the organisations that consumed the Doctors Identities that naturally came with a verified Claim that they were a Practising Doctor (Meta Data of the Claim to be determined)
NB In this new IPS Model all parties would need to determine HOW the Identity Risk is shared. The BSA would be the Identity Provider. IBM, PayPal, Microsoft, RSA could provide the Identity Provider Service following a standard approach. Lots of legal and compliance stuff to be sorted!

But in the meantime it could start small, I would use the service to publish Information Cards (for that feels like the best form in which to create the Identities) for my friends and family so that we could all safely interact on the Web.

I wouldn't buy a "Geneva Server" to do that but I would certainly sign up to the first IPS that would allow me to publish such Information Cards.

After the concept takes off, I predict an early explosion of Identity Provider Services followed by a shake out that would reduce to 3 maybe 4 providers within 3-5 Years. The number of Identity Providers would remain large. In comparison to the Credit Card Model, I can get a Credit Card from the Royal Society for the Protection of Birds! Why? because they earn revenue from it... I'd quite like an RSPB Identity for my Twitcher Persona!!!!

Alternatively we could continue populating the Blimps from the Enterprise Centric Model, more costly and less effective. Please NO!

I propose the population of the Group, Organisation and Professional Blimps ahead of the population of the Customer Blimp, ultimately these three Blimps will merge. Initially Enterprises will think they want Enterprise issued Identities to fill the Customer Blimp using this new Cloud Identity Service Model but eventually we will get that the other Identities are cheaper and more reliable!

Needs far more thought, for 'tis early in the morning...

But I just had to share!!!

Sexily Oriented Architecture

2009-03-13T07:25:00.003Z

It's been bugging me for a while: How many orientations can one architecture have? There seem to be so many to choose from, though some of these are not yet recognised as mainstream they actually hold the real promise. Unfortunately they both begin with "C"!.

Lets start with the obvious ones:
Technology Oriented Architecture: The orientation that most organisations were starting to use in the late 70's and most still use to this day as their primary oreination despite wishing to deny the fact.

Data Oriented Architecture: The orientation that some organisations started to use in the late 80's and some use today, many organisations aspire to being data or information oriented but few have achieved a high level of Information Orientation. Simple test: Has your organisation identified and classified all of its sensitive Information Asset Types?

Process Oriented Architecture: An orientation made famous by Michael Hammer of "Re-engineering" Fame, some trepidatious Enterprises were trying to use in the early 90's and few use today despite some of the huge value that Re-engineering Processes appeared to promise.

Now moving from the mainstream, and I am sure there will be some that will tell me that EOA and SOA are both mainstream, but I have to put the bar somewhere, and I have chosen solid signs of implementation as being my bar.

Enterprise Oriented Architecture: The orientation that most Architects are now talking about, though very few have delivered in practise. Perhaps I should be kind and refer to it as Mainstream! Nah!!!

Service Oriented Architecture: The morph of Technology orientation that is changing our focus from the technology to services. Some of you will remember the great renaming exercise that shifted IT departments to become IS departments, During the "noughties" Service Oriented Architecute started to gain sway, though few organisations have created one at the Enterprise Level. A few are achieving some degree of SOA at much lower levels.

Now onto the truly non Mainstream Architecture Orientation it is the
Collaboration Oriented Architecture, developed by the Jericho Forum as the answer the Life the Universe and everything....oops I clearly meant the answer to the De-Perimiterisation issue/opportunity. This Architecture Orientation is still not accepted by Architects, at least not those developing TOGAF. I think, that they think that we must all be on something!!

The fast approaching Semantically Oriented Architecture will certainly make a dent when it arrives, though I have a hunch it will first do a belly flop, for as far as I can tell the Semantic purists have not built into the core of their models and standards the rights and wishes of the individuals who are the principal or own the resources. Seems to me that the Web 3.1 will be better when it includes Security at its core. My attempts to find someone in Boston to explain this crucial notion to was a flop. So in fact you can blame me.

It all revolves around this thing called Entitlement, but that's another Blog Post.

So we finally get to the last orientation or to avoid future confusion I will call it a "Centricity"..... drum roll .... thus we have the Customer Centric Architecture!

So what is a Customer Centric Architecture, simply it is one that places the Customer at the heart of all Architecture Decisions and NOT the Product or Service that a company is selling. This is or at least should be the core or heart of all Architecture models, it's just that few of of us have truly understood this, and still fewer have implemented a Customer Centric Architecture.

As a quite aside Apple understood this in the way they designed their technology, they produce User Centric Technology, rather different to the Disk based Operating System of their rivals which is more technology out, than user in... but I digress

Then at 4am this morning it hit me.... We need all the orientations to make a Customer Centric Architecture Work!!! Then it was much easier for me to see them not as Orientations, but rather Layers.

Thus we now have:
Customer Centric Architecture CCA
Collaboration Architecture Layer CAL
Enterprise Architecture Layer EAL
SEmantic Architecture Layer SEAL
Process Architecture Layer PAL
Service Architecture Layer SAL
Technology Architecture Layer TAL
Data Architecture Layer
Architecture

Abstraction and Clouds

2009-02-28T13:59:00.002Z

After my SaaS/Abstraction Tweet, I have been considering my posit ie That SaaS can be implemented in a Cloud like Manner or NOT. Which appeared cause some tension...

FROM @golfcaddy
@adrius42 But isn't SAAS an abstraction of sorts?

From @ccairney
@adrius42 @golfcaddy if cloud computing is defined by layers abstraction then SaaS sits in one of the layers

From @RobynMiller
@adrius42 I don't know why, but the word abstraction doesn't 'click for me...

I have come to the conclusion that the tension comes down to the fact that the act of abstraction is NOT a binary switch, ie abstracted or not. I have perhaps been lazy in my thinking.

So to build my posit, here are some elements of the Abstraction Concept

SubRoutines: These are often just Abstraction within the Application

Service: Clearly a type of Abstraction that can be found in Clouds, but does that mean existance of Service Level abstraction = Cloud. I would argue not. Thoughts???

I personally believe you can use the service level abstraction in a manner that is not Cloud like.

I would also argue that the degree of abstraction, when designed in a cloud like manner is directly proportional to the Cloudiness of the Cloud involved.

For example I would argue that the use of Amazons S3 for data storage is clearly Cloud to some degree, but not "Full On Cloud". That would look like storage of data fully virtualised below the Abstraction Layer stored across, virtualised internal data storage, Amazon S3, and Nirvanix. So that if any of the storage services below the abstraction layer fail then the abstraction layer ensures that the consuming party above the abstraction layer is not aware of the event. Now that is Full On Cloud Computing, between the Platform and Storage Layer.

From Enterprise Architecture, through Collaboration Oriented Architectures, to Customer Centric Architecture!

2008-10-31T21:13:00.018Z

Many IT Enterprise Architects, are still struggling to achieve their ultimate peak, which they have determined to be the optimisation and complete integration of the Enterprise. Historically they have determined that their primary focus is optimising the benefit of usng IT to their total Enterprise (represented by the Green shape), the integration and productivity benefits accruing from connecting a few organisations within an Enterprise as the second priority (the orange colour). Leaving the optimisation of single organisations as the third priority (Light Blue). This is often hard as each internal organisation sets more store by the value that IT can bring to their own organisation, than considering the optimal usage of IT across the Enterprise. This results in a large amount of wasted effort as each internal function battles for the resources to maximise the benefits of IT for themselves.

Even more unfortunate is the fact that this internally focussed and selfish optimisation approach results in barriers to collaboration between Enterprises. The recently published Collaboration Oriented Architecture framework from the Open Group highlights key steps to take reduce the friction between Enterprises, while minimising the risks to the Enterprises and their Customers.

However, even this refined collaboration oriented approach still does not resolve the key issues and opportunities for the most important constituents of all Enterprises: their Customers! Customers are impacted most badly by architectural approaches that do not hold them at the centre.

The new Yellow layer in the diagram above signifies a new Customer Centric layer. Architects who understand the importance of this new layer will be scrambling to drop their Enterprise or Collaboration titles and adopt the attitudes and title of a Customer Centric Architect. Now we have to start thinking about what exactly that means, we could do well by starting to think about how Identity and Access Management systems optimised to meet the needs of individual Enterprises might be architected with the Customer in the forefront of all our minds.

There is a lot to do to change our architecture mindsets. We need to stop thinking internally of our own Enterprises and change to think FIRST of our Customers. It was hard enough trying to achieve Enterprise Architecture, one can only imagine the difficulties that will be encountered on this journey. However the benefits are even more legion than those which drove us to strive for Enterprise Architecture. Now all we have to do is to persuade the internal functions why this makes more sense than focussing on their special needs. Perhaps it will be easier to persuade them to give up their own gains, if it is the Customer that wins rather than a colleague in another department/organisation!?

However it won't be that easy to accomplish as the legacy systems are all facing the wrong way, akin to each organisation or function in an Enterprise having its clothes on inside out! Perhaps the challenge of changing this state of affairs should not be imagined, as the resulting vision of Enterprises in varying states of undress will not be not pretty. But imagine it we must, happily we have pointers and emerging tools and services. The tenets are similar to those espoused in the Jericho Forum COA, the benefits will however be more profound. Additionaly, SOA, the Cloud, Mobilisation, Web 2.0 (The Social Web) and in the future Web 3.0 (The Semantic Web) are all emerging at the right time. With these tools Enterprises will be at least able to consider the transformation, assuming of course they have Customer Centric Architects that get it, and internal functions that are willing to take their "clothes" off! Perhaps that is the real result of Consumerisation, not just of the devices and services, but of whole Enterprises! Now that is a nice thing to imagine!

Aha Number 1: On the relationship between my Personas and my "Me" Tags

2008-10-26T14:52:00.007Z

I created this Blog Space, out of some weird sense that I didn't want to be blogging on this subject to my usual reader! Something about wanting to reach/please a different audience. This week while on the Leading Edge Forum Cloud Study Tour, I watched as @mastermark decided to reduce his tweets under the #lef tag, because he felt he was overwhelming his audience. This must have got my subconcious thinking as I woke this Sunday morning knowing that Personas and Personal Tagging were very closely related.

So for some definitions:
A Persona is a public facing identity that normally has a name like Adrius42
Personal Tagging will come in three basic forms, the lowest level is self asserted, next comes from the aggregation of third party tags (vis By public acclaimation Adrius42 is a Geek, and those of you who know me will know that I would be mighty proud of such an acclaimation!) this second form of tagging is what others tag me as, the final form of tagging is a claim that can be authenticated via a thrid party, eg I am a Doctor ( I am not so I would have a hard time having the BMA authenticating that claim, whereas my son would not)

So onto my Aha! this e-trust blog space is simply a poor attempt of mine to tag my Web2.0 persona.

What would be better is if the Social Media Tools (starting with my friends at FaceBook who really didn't get what I was talking about when I raised the topic!) were to implement Personal Tagging it will be the early beginning of Identity and Access Management in the Social Space.

Instead of "following" all of Adrius42 you could "follow" my Web2.0 persona articulated at the application level by Adrius42#Web2.0. I would be more comfortable letting some of you into that, than the whole me!. So when you accessed Adrius42, you would get to see those persona#tags that you have chosen to follow and that I have let you see. You can also chose to unfollow one of my persona#tags if I start to get too nerdy in it, as you might my upcoming Adrius42#greencomposting persona#tag!

I would also be able to define the folks who could see my persona#tags. For example my Adrius42#web2.0 tag I might make public, whereas Adrius42#holidays I might make visible to friends so that they could choose to follow it and I could choose to let them.

So here's to Persona#tags

Now all I need is for this post to go Viral and for my FaceBook friends to get what I was jabbering on about.... then my Twitter friends then my Del.icio.us friends... and then my whole Social Media Universe. And then Mark and I would be able to stop feeling guilty about what we were blabbing on about!!!

Latest Version of IAM Module

2008-08-20T03:30:00.003+01:00

Latest Version based on all your kind feedback..

Module Overview
In a world where collaboration is increasingly the norm, information is an increasingly valuable asset. High profile attacks on organisations from foreign states, credit card information being stolen from unprotected wireless networks, or simply the loss of personal data sent through the post on CD-ROMs, all demonstrate the changing shape of the risks to that value. Information Systems are used to store and disseminate these information assets within and between organisations. Organisations therefore need to ensure they protect the communication and storage of this information in these systems by understanding the risks they face and putting in place appropriate measures to prevent their information assets from being compromised. This module will explore this Information Asset Management (IAM), and the role that information professionals take in IAM. Opening with the framing and history of IAM, the module will use key industry resources and knowledge of business information systems to approach the analysis of business risk and planning of information risk management, realised through real-life case studies and guest lectures.

Learning Outcomes
By the end of the module the student will be expected to be able to:
• Understand the different types of information threats and vulnerabilities that an information system may experience, and how they may impact businesses.
• Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
• Analyse the security elements of information technology services, systems and assets within an organisation. This will include the competencies required to manage the confidentiality, integrity, and availability of data and information.
• Develop appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level
• Show understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practises and issues.
• Demonstrate understanding of the techniques used to manage data and information within an organisation and as it crosses into and out of an organisation. This includes the IT and information management processes involved in the acquisition, creation, categorisation, storage, transfer and disposal of data and information.

Initial Plans for the Assessment

2 hour unseen examination

Initial Group development and implementation of an Audit Plan:
Based on a case study of Company X, that holds a number of information risks of various degrees of complexity and transparency. In groups, students will produce an audit plan, and implement the information risk assessment. The case study is based upon real-life situations.
Groups will have the opportunity to interview a guest IT professional and the lecturer who will both role-play Business and IT Leaders in the Case.

To address the following learning outcomes:
- Evaluate the information risks information systems may bring to a business and communicate the potential business impact of those risks.
- Analyse the security elements of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity of and availability of data and information
- Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practises and issues.
The development and implementation of the audit plan allows discovery of the risks. Feedback will be given on the approaches the groups have taken.

Group Information Risk Assessment and Control Plan Presentation:
Subsequently the groups should analyse their assessment develop their proposals for the final phase. In this phase the groups will present their assessment and proposals, as if to Company X’s Audit Committee. They will produce a written audit document, to include; an executive summary, a detailed information risk assessment, an outline of the potential impacts, and any proposed policies, controls and/or mitigations.

To address the following learning outcomes:
- Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
- Analyse the security elements of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity of and availability of data and information
- Develop appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
- Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practises and issues.
The Information Risk Assessment and Control Plan will be marked per group, but an individual portion of the marks will be assigned based on how well each student worked within the group.

Information Asset Management: Draft Learning Objectives

2008-08-18T17:58:00.004+01:00

I am starting on the journey of module development... lecturing on Information Asset Management to third year computing students at a UK University.

I have the passion for the subject, I know that they really need to know this stuff, especially in the collaborative "cloud" world we have racing at us fast! My challenge is that there are apparently few courses out there for me to build upon, and even less reading material written on the subject. I am excited at the opportunity to help prepare information professionals in this way. So given the nudge I had this morning on Twitter from @gblnetwkr, I decided to start to call upon the wisdom of the crowds!!!

Draft Module Aims
This module will focus on the importance of managing information assets to maximise value and mange risk to an appropriate level. It will explore the various agencies, roles, policies, processes and technologies involved, while highlighting the importance of the role Information Professionals, and others, need to play in managing information assets.

I am using the e-skills PROCOM work as a guide, though that is still in draft, and is not too strong in the area of Information Security. I will also be using PROCOM, COBIT and ITIL more formally when I figure out the appropriate approvals and copyright implications.

My first ever "initial" draft set of Learning Outcomes !!!

By the end of the module the student will be expected to be able to:
• Understand the different types of information threats and vulnerabilities that an information system may experience, and how they may impact businesses.
• Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
• Develop appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
• Ensure the security of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity, and availability of data and information.
• Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practises and issues.
• Demonstrate their understanding of the techniques used to manage data and information within an organisation and as it crosses into and out of an organisation. This includes the IT and information management processes involved in the acquisition, creation, categorisation, storage, transfer and disposal of data and information.

All that draft language should give you the clue, feedback welcome.

...on three counts
1) If you were a student would you want to come to the lectures?
2) Is the content right?
3) Any other perspective you might have....?

How to Trust Apple's Time Machine and Time Capsule

2008-08-10T11:32:00.004+01:00

For reasons I am still not totally clear on, but that I suspect could be down to poor coding, my Apple Time Capsule and Apple Time Machine became unworthy of e-trust.

The dreaded words "Preparing Backup" being the harbinger of doom for many, and for those who enjoy console logs the still scarier words "Node requires deep traversal" tended to signify a VERY long wait for the backup to prepare, my record stint of patience being over two weeks! This is not one users experience according to various forums. However those same forums hold some gems that helped me regain control of my errant backup processes, while I wait impatiently for Apple to figure out that they really do have a problem with their Time Machine and Time Capsule.

So for those who have the same problem I will be placing in this blog a few of the gems I have gleaned from the various fora.

I will also be attributing the finds, but for now some quick pointers

1) Use the Console (iashton in Apple Support Forum)
Try starting Console - its in Applications/Utilities
Click on system.log in the left hand pane and then type backupd into the filter box in the top right of the window
Click the Time Machine icon on the top menu bar and select Back Up Now.
A backup should start and you can check its progress in the Console window.

2) A Fix (Patty Patty in Apple Support Forum)
1) Turn Time Machine off
2) Trash the com.apple.TimeMachine.plist in /Library/Preferences
3) Restart
4) Full Spotlight reindex of the Macintosh HD
5) Added a bunch of folders to the "Do Not Backup" list in Time Machine
6) Turn Time Machine on

3) A Great Tool The Time Machine Editor
I used this to reduce the number of backups

Civility 2.0

2008-07-28T03:21:00.004+01:00

I am finding it more and more difficult to decide what to Blog, Tweet, Status Update, Wall Post and I don't even have a word for what I do in Identi.ca! in short I am experiencing a Social Network Overload of Tools (or SNOT for short) Too often I resort back to eMail, with the resulting loss of Knols.

One reason for my difficulty was exemplified in my real world existance this afternoon at TMO's (But you would need to read my Martian Observer Blog to relate that label to anything) Suffice to say that the two of us were deeply engaged in a rich and varied dialogue on the wonders of Everything 2.0 (a numeric label that he hates incidentally) During this wide ranging discourse I was watching the face of his spouse known as SWMBO, waves of different looks from sheer disinterest, boredom, and frustration washed across her visage. I believe it was TMO who first offered to change the subject, and we got the very dangerous response "It's alright.... I'm used to it!" Needless to say we changed topic immediately, neither of us being totally neanderthal!

The issue: We were not being Civil, in fact we were being plain rude!
The subject matter of our discourse did not match the audience present.

I have thus developed a communications model making use of the G8 Traffic Light Protocol, (which is my favourite classification tool comprising 4 colours White, Green, Amber and Red. )

Imagine you are in a Restaurant and you have 4 means of Communication:

White=SHOUT

Green=Talk Loud Enough So The Whole Table Can Hear

Amber=Talk to the persons either side of you

Red=whisper

Apply the right Traffic Light Colour to each of the following communications
"Shall we all split the bill?"

"FIRE! FIRE!"

"You touch me again like that and I will tell your partner!"

"What are you both ordering, I'm going for the steak"

The above exercise did not include the more complicated topic or group based segmentation, but hopefully showed how easy it is to classify communication type in the real world.

In the more virtual worlds of social networking we have just one communication type and that is SHOUT. Unless one switches back to email where we have a number of techniques ranging from type of addressee (To: cc: and bcc:) to group lists and the Subject Line that allow us to target our messages, and thus be more civil.

Social Networking Tools have not yet evolved Civility Features, this blog is hopefully the start of a common design pattern that will allow all developers to develop "civil" tools.

The colours are basically a form of Meta Data.
WHITE= Public Broadcast equivalent to SHOUT
GREEN= All Community Members equivalent to talking to the whole table.
AMBER= Defined Group(s)= Normal Voice between a few people
RED= Defined Individual(s)= Whisper

Title and Category fields would be an additional set of parameters that allows effective decision consume/notconsume from the audience/reader

I look forward to avoiding the need of going to so many places.... or feeling less restricted.

OpenID and Identity Selector

2007-12-16T08:58:00.000Z

Just got Firefox working with Card Selector now trying to find OpenID enabled sites that can use it..... It sucks being on the bleeding edge. BUT IT WILL HAPPEN!!!

I have faith just like I did when I started banging away about BlueTooth PAN's

They did arrive just 10 years after I wanted them to!!

Comments! on previous posts

2006-11-27T12:57:00.000Z

I have left them as a fitting demonstration of the vagaries of e-Trust!

It appears that this blog site does not conform to one of the, as yet un-written, principles of e-Trust.

Namely: Any system that mediates e-Trust will have default settings that are aimed at achieving the highest level of e-trust.

The settings in question were related to the manner in which comments were allowed.

(Alternativley on setting up the site I was not warned of the consequences of changing the settings! I honestly cannot remember which!)

e-Trust: An impossible Goal?

2006-11-27T12:30:00.000Z

If we define e-Trust as that trust that can be electronically mediated between two individuals or corporate entities.

The challenge is can models be developed that allow the development of an electronic environment, that is conducive to the mediation of trust?

Trust alone is such a fun (read "complex") concept. "e-Trust" raises the problem another power.

I see this as a key future challenge, we are fast moving to an electronically mediated world, and we have as yet failed to develop the trust models to keep up.

My question to you is who should be working on this problem to help us achieve this goal? If it is indeed solvable....

I start from the position that those that create the need for, an means of, electronic trust mediation are responsible.

The desired outcome is Information Quality Management, a seemingly as yet little explored area of Computation
I see it as a discipline in it's own right....

The weak description on Wikipedia is clue enough!

Apparently the discipline is being claimed by
librarians...

Librarians are clearly one of the historical professions involved in the discipline of Information Quality Management, and will be able to help us address one part of the problem. One might ask though, do librarians have the formal training in, or understanding of, the complex system theories that are needed to underpin Information Quality Management? At the very least there will need to be a join of disciplnes...

There are many interested parties:

The principals
Individuals
Corporations
- Sellers of Products and Services
- Buyers of Products and Services
Government
- Police
- Legislative
- Customs
- Tax
Academics
- Computational <--- My thought for where the buck stops...
- Economical
- Sociological
Librarians

My question is how will the right academic disciplines come together to ahieve this goal. For after all, it cannot be too long before all of our future economical value will depend on it!!!

e-Trust 1 = The Network

2004-07-28T23:15:00.000+01:00

The first cornerstone of trust: The Trust Network

Top Level: PERSONAL
I know them
They have never done anything bad to me,
They have done many good things for me

Second Level: VISIBLE
I can see them
They appear to have not done anything bad
They appear to have done many good things

Third Level ANONYMOUS
I don't know them (and they don't know me)
They can't do anything bad to me

e-Trust a definition

2004-07-28T18:46:00.000+01:00

I have decided that e-Trust is a unit of Measure, the sum of which is a sort of Barometer of Public Trust of the e-Space.

There are many things that affect this Measure from the butterfly flapping it's wings over Madagascar, to the latest version of your favorite worm or virus. At the time of writing the author of MyDoom-O must be going round with a smug look on their face, if only he understood that he just put another nail in the freedom that we can experience in the e-Space.
For he just negatively impacted "e-Trust".

One posit is that when the sum of e-Trust falls below a specific but as yet unknown level the "powers that be" will feel compelled to react and implement what may feel to some like draconian measures to bolster "e-Trust".

Did you know that Microsoft is working with the UK Government to develop ways of bolstering e-Trust, as we blog?

My question for today:
What ARE the types of activities that impact e-Trust, postively and negatively?