ARCast - The Laws of Identity

Download

Right click “Save as…”

  • MP3 (Audio only)
You have an identity... yes, you do.  In fact you have multiple identities.  Think of the many accounts you have on domains, networks, websites and on and on the list goes.  For many years the world has operated by a simple set of rules around identity but now things are changing in a big way with new technologies like claims based identity and InfoCard.  In this episode Ron chats with Kim Cameron architect in the Windows Identity and Access management group about his laws of identity.

Links

Transcript

Speaker

Content

Start time

 

Ron Jacobs

Welcome my friends to ARCast. I’m your host Ron Jacobs with Architecture Information and Talk, that’s what we do here we talk. It’s not a video, but really my guests are not that good looking anyway and I’m certainly not, so you are doing yourself a favor by listening only. Plus that you can multitask. Many people tell me that they listen to ARCast while working out, riding a bike, riding a bus, riding in their car, whatever you do just tell me about it, send me a note, to ron.jacobs@microsoft.com

00:0.0

Ron

And now Kim Cameron with the Laws of Identity

00:42.24

Ron

Hi this is Ron Jacobs and welcome to our talk today. I’m joined by Kim Cameron who is an architect in Windows Identity and access management area. I guess I’d say how’s it going Kim?

00:47.11

Kim Cameron

It’s just great.

01:7.31

Ron

And and so, that’s really interesting. I didn’t realize that we had a whole group that is focused around identity and access management in Windows.

01:8.43

Kim

Oh sure, because we have things like Active directory, you know meta directory integration services and all that sort of stuff. So different ways of being able to find out who you are dealing with inside windows environment. So when you for example login to windows, you know, somebody is got to write that stuff

01:17.11

Ron

Yeah oh yeah, I’m glad you are because you know

01:36.98

Kim

It’s not me though

01:40.08

Ron

OK well (laughs)

01:40.73

Kim

It’s our, it’s our group

01:42.51

Ron

Your group… yes, but you are the architect. You’re the guy that like in Matrix who wheels around and says I’m the Architect

01:43.96

Kim

Yeah, Yeah, I’m responsible for what's wrong and what's bad about it,

01:51.00

Ron

Okay… Now you’ve come up with this real interesting thing that we are going to talk about today called the Laws of Identity. And I love; I love these kind of things. There are seven laws of Identity that you’ve written down on your, on your wonderful blog which I’ve to plug it’s www.identityblog.com

01:55.93

Kim

I love you…

02:16.72

Ron

Well you can return the favor and plug this show later

02:17.50

Kim

I’ll I’ll

02:22.18

Ron

I love concise list like this because it kind of formalize a lot of random thinking that goes on. How did you come up with this list

02:22.90

Kim

Well you know I was … Have you been ever to one conference too many?

02:33.30

Ron

I have … yeah

02:38.10

Kim

So you know I was there and I just was listening to the way the discussion was going and it occurred to me that we don’t really have a framework that allows us to restart the discussion about identity anywhere except from the beginning each time we have it. Sort of like back to the beginning, rewind, and we start again. And all the words mean different things to different people and basically there is… so as a result everybody ends up discussing little technical nits instead of the real concepts that are behind these things. So I figured … is there some way that I can actually reset the conversation or or… well the same time I was just starting to blog and I didn’t really know anything about it … which was a good thing… and I didn’t have anything to write about so I was going … you know… I wondered what would happen if I started this discussion in about. How we get a real … you know… a set of concepts that we can reuse so we don’t always have to go back to square one. And do that with the web... so… it was kind of … it was just a … sort of... experimental, trying to figure it out kind of thing.

02:38.96

Ron

Yeah and I guess a few people have noticed this now and so started showing up in various conferences and slide decks and that sort of a thing right?

03:57.92

Kim

Yeah it’s really bizarre because first of all I was thinking that I’ll start a blog and then maybe a year from now or something people will start to read it.

04:5.62

Ron

Yeah

04:16.21

Kim

But what happened was I started … well first of all I guess it was a bit polemical to call it the laws of identity. I was trying to show that it was not just opinions or moral precepts or something but we are trying to do something to understand the dynamics, underlying dynamics, the system so I said that OK I’ll call the laws just like the… you know… The laws of robotics

04:17.06

Ron

Yeah alright there you go

04:38.97

Kim

And I thought well, you know that will get some of my friends sort of steamed up and they will participate in the discussion. Yeah, it was great because I couldn’t believe how fast it just turned into a phenomenon on the web and all the people who interested in identity were contributing and ripping me apart and you know promoting various ideas and it was great

04:41.21

Ron

OK so what I want to do now is to begin a kind of run down  the seven laws and see if you can help our listeners get essence of what each of them means. So the first law is about user control and consent. And here you say a Digital identity systems must only reveal information identifying a user with the user’s consent.
 Can you tell me a little bit more about that law?

05:6.28

Kim

Well you know we have had lots of systems that reveal the information about the user without the user knowing about it. And then the user finds about it. And the user as if there is one but… you know a great number of the users who find out about this don’t like it. I mean it is a basic thing that when if you want a system to succeed people should like it. Right? If they don’t like it , they are going to use some other system

05:31.41

Ron

Can you give an example of where systems have done that sort of thing?

06:1.34

Kim

Well I will and you know it’s not pretty but for example there are times when some of Microsoft’s products reveal … you know… how to GUID it in them that was constant and essentially ended up identifying the documents coming from a particular source right? It wasn’t intentional in any way but it was... effectively ended up being an identity system … a non intended identity system and actually it is part of my thinking that a lots of these unintended consequences in this area of identity systems and intended consequences which are really more , much more propitious than the intentional ones

06:5.12

Ron

You know as I recall the guy who wrote that, that massive “I love you” virus that was the WORD macro was nabbed through that GUID wasn’t it?

06:49.58

Kim

Yeah he may have been but that doesn’t mean that was the only way to nab him right?

06:59.58

Ron

Right I just remembered that it was an interesting way that they figured that out

07:4.52

Kim

Yeah, you know that there are lots of ways that you could have nabbed him without at the same time compromising the privacy of the entire population of the World.

07:9.50

Ron

Well sure, I mean you know it would... a great way to reduce crime would be to make every little bit of information public, but that’s not the goal here…

07:24.90

Kim

Put every one in prison... cut it down to the minimum

07:33.80

Ron

Sure right

07:37.38

Kim

But I mean , part of the problem is if you start having GUIDs and things like that, that link all of the information of a certain kind together, you’re starting to create… it’s not simply a privacy problem it’s the problem of security of the system . So it now becomes possible if you breach the system to end up with a lot more of the systematic knowledge of what you’ve done right… because you’ve got these linking GUIDs, you’ve got these identifiers etc.

07:38.27

Kim

I’ll give you an example if we ended up using the same identifiers for every website we go to right… I mean that’s a privacy violation in the sense that the different websites can now correlate the information we didn’t intend them to correlate. It also at the same time a mechanism which means if somebody broke into that kind of a system they could do a lot more damage by knowing that… sort of … by having access to that super dossier then they would be able to do if they broke into one system .

08:11.43

Ron

But that’s sort of the big problem about today’s world of usernames and passwords is just that a lot of people... hey I’m guilty, I try to use the same userid on every website I can possibly use it on because I can’t remember all the various combinations that I’ve used

08:44.50

Kim

That’s cool … Wow!

09:1.79

Ron

I hope none of those websites figure that out by the way!

09:2.73

Kim

Do you use the same passwords too?

09:6.96

Ron

As much as possible... Yeah

09:9.10

Kim

Well you know and may be for the lot of the websites that you are visiting it doesn’t matter because … you don’t really… you know… they are asking you for your identification and it doesn’t really... you don’t feel very strongly about it.

09:11.36

Ron

Yeah

09:22.37

Kim

Do you use the same username and passwords on your bank account for example?

09:22.88

Ron

No no I don’t there … yeah because …

09:26.80

Kim

Are you sure?

09:29.30

Ron

I’m sure because who cares if you know who can see how many frequent flier miles I’ve on an airline … I don’t care about that … may be might be able to redeem them I guess but on my bank account I care about that

09:30.12

Kim

Yeah

09:42.66

Kim

Yeah, and one of the ways that people actually take advantage of this kind of thing is they set up a sort of … sites like lets say a golf site, and they setup this golf site and actually run a real golf site and you’re interested in Golf and so you know… you go to this golf site and you use this username and password and if you are actually one of these people who uses the same user name and password everywhere of which are many many many you’ve now … I can now take that and start working on major web sites

09:42.96

Ron

Right… Oh Yeah… Sneaky!

10:16.71

Kim

Yeah so you’re harvesting you can setup apparently legitimate web site that are used to harvest other websites. Part of my job that is a very bizarre part of it is I have to listen to all these mechanisms that are being used to attack… you know… what you are doing on the web. So that was another thing that let me to get involved in these laws of identity. You know… I just can’t stand this any more

10:19.32

Ron

Do you actually spend time talking to security investigators who like figure out that kind of attacks these guys are doing?

10:43.86

Kim

Oh absolutely. I talk to people across the industry who are… you know… each of them has their own story of Wow etc…You start to put it all together and you go Oh my god, this is a ciaos really and we have a … we invented the internet and there is no systematic way of doing identity therefore everybody makes something up … and what do we call that if everybody makes something up… we call it a kludge right … so lets face it , it’s the patchwork of kludges and at the same time the amount of business that’s being done on the web is increasing so it’s no longer just something for having fun… right… You know people are doing real... I was talking to somebody who bought house on the web …

10:51.97

Ron

Oh my Gosh! Wow! You know it’s interesting… this is the holiday season and I’ve been doing a lot of shopping for gifts … you know… and I was noticing Saturday was that using my American express card like crazy OK… I was like charging, charging, charging … every store accepted it without questioning , didn’t look at any identity , didn’t ask for anything as long as I did this electronic signature , they didn’t even look at that , except for one , one store where I made a $9 purchase insisted on seeing my drivers license and  I thought… good for them… you know… somebody is cares about this but

11:34.38

Kim

It’s also that you are famous

12:8.04

Ron

I guess so, but it’s almost like you know we have this system where it’s like hey we are making money , just shut up and lets go with it... you know and … why should we have a big head ache here

12:9.73

Kim

Yeah and… that’s fine … Lets go back five years and think about what we thought about phishing and identity theft on the web. We thought… Oh … I mean it didn’t appear on the radar did it? And you go five years forward and you look at what happened in terms of spam and basically the criminalization of the thing … and now put yourself… I mean I’m an architect and so… all joking aside… I do have to think ahead right

12:20.60

Ron

Yes

12:51.28

Kim

So lets think ahead five years or ten years or fifteen years and assume that we don’t do anything about it … and … I mean… actually you know… CAGR is the compound annual growth rate... it’s sort of a way of looking at an aspect of the industry and seeing how healthy it is … well the CAGR for this kind of identity theft and of attacks  is over a 1000 percent. I mean there is one of the cards of institution that is the healthiest

12:51.70

Ron

It’s a boom

13:21.32

Kim

Yeah … so you know you think ahead five years, ten years, if we don’t do something about it and basically the …. There is going to be a crisis of confidence in the internet … We have to act now. Even if we act now, it takes us what 3years? 5 years? how pessimistic are you … you know some number of years before that turns into something measurable that we have done

13:22.25

Ron

You know it is interesting that almost all ways in which we transact business on the interdebt… internet rather…

13:51.33

Kim

Interdebt…

13:58.96

Ron

Yeah the Interdebt yeah… that’s a good way of looking at it.  That causes to have to reveal whole lot of information about our identity to everybody involved in the transaction in order to get anything done.

14:0.07

Kim

Well that gets down to some of the other laws like the second law … and I don’t claim that these are all original or anything, it’s really the way they are assembled that is interesting… but for example the second law is that you should never ask for more information than you require. This is whole thing... you know… just get the extra information just in case we need it one day… you know it will be nice… that way we’ll have it there and so what you end up creating if you do that is this honey pot that then becomes attackable . So one of the things we should do to make the system succeed is just not store stuff that we don’t need. That’s easier to do if it’s easier to get stuff when you do need it. So there are all kinds of implications in that.

14:16.18

Kim

And the third law is in the same direction which is tell people who will be sharing access to that information and that way it would basically be more pressure on you to reduce the access to the information to the minimum so once again you reduce the honey pot effect and you reduce the chances of a breach so I guess the over point there is that what people look at is privacy concerns ultimately tend… end up being ah… security concerns by embracing the privacy issues we embrace all of the matters of hygiene in terms of building a secure system

15:2.39

Ron

Well speaking of hygiene, I mean I was…  it drives me crazy if I go to see doctor or some chemist specialist and they give some kind of a form to fill out and they always ask for your social security number and I’m like what on the earth do you need that for and I guess they want it so that if they don’t pay or something then they can go after me for collections or what not but I begin not to put that down because I’m like You are my doctor, you don’t need to know that ok and because it’s a tremendous liability for them to have that information in their files and they just have it on paper sitting in the file cabinet that any old and employee could run by and grab that

15:43.35

Kim

Oh yeah and there is this guy in England you know , Toby Stevens who has developed this idea , in Europe they have a lot of discussions about what they call Data governance so he has developed this notion of data rejection and so that is the highest form of data management is Data rejection . But that’s interesting because I went to a pharmacy the other day and they asked me you know I guess if you went to a doctor they are trying to make sure that you really have health coverage and so on I went to a pharmacist and I wanted to pay cash and they still wanted my social security number and I said.. and they wanted to stick it into a computer , I said no, you cant stick it in your computer and they said that you know we have to take your social security number and we have an alternative system and I said that is the alternative system and I said we write it down on this piece of paper which has your name, your address your social security number and then we stick these all in this box that is kept under the counter in the pharmacy

16:19.56

Ron

Oh yeah that makes you feel good

17:24.97

Kim

Yeah that’s great

17:26.15

Ron

Well it is kind of crazy how you know ten years ago nobody thought anything of that and we are you know every body goes hmm we need a some form of unique identifier for people and well most folks have a social security number and lets just use that and so they built a lot of apps that relied on that as a identifier and

17:27.89

Kim

Right and you know I think you have to go forward to the... you know once again you have to go forward ten, twenty years and imagine, you know I’m sure you see all kinds of stuff going on around and here there is very interesting you know coming out of futuristic thinking and you know it’s going to happen , I mean all of this ambient stuff, right where your entire environment is going to be responding to your identity and I mean how far do you want to go are there any boundaries to that ? Are we going to have any boundaries? For example I know the software coming out of these new companies is actually reading everything we are reading as we read it and creating a profile on us about... so they can offer handy helpful suggestions on about what else we should be reading and everything else. And you know so there’s an example of this little accessory you know this helpful accessory sort of like a paper clip you know, can be more helpful you know which actually is a knowledge, a very deep knowledge about what you are thinking right? Now what is going to have access to that knowledge I mean you know where that end does? Does that end at the boundary of your house? Does it end you know when I go to your house is your system able to tap in to that system of knowledge of me and what I’m thinking? And so on... so I’m not implying that there is any great negative plot here what I’m implying is that there are big issues about where the edge of our thinking and our minds and so on are going to be defined in the virtual age

17:47.71

Ron

Well you know the other interesting thing here OK the fourth law you talk about is Directed identity. You say A universal identity system must support both “Omni-directional” identifiers for use by public identities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles

19:38.34

Kim

Isn’t that beautifully written?

20:3.01

Ron

That is beautiful, what does that mean? It sounds good but I want to know what it is?

20:24.93

Kim

Wordy or what aye? Well, OK, we’ve sort of taken it for granted that everything is grammatical and you know if we go to a service it identifies itself and we as an individual identifies itself and those things are sort of peers but in fact it, you know we aren’t really peers from a privacy point of view. If I’ve a store, an online store I want it to be as well known as possible I want everybody to know everything about that store so that I can get as many customers as I can but when I’m going into that store that’s another thing I mean once again it’s the question of how many of these agents are looking over my shoulder about what I’m purchasing in the store and what I’m looking at and rejecting and thinking about. Am I going to be helped to death so what I’m saying is that the identity that you should go into the store with as an individual should be different every time you go into a different store unless you want to cook them up where as the identity of the store , public things, it’s fine for those to be publicly known public things so there is difference between the sort of the requirements of the individual and in their private mode as you know as a single individual and something like a store or television station or government or something like that and we should respect that

20:30.55

Ron

So in my wallet I have cards from various stores who offer me a discount or better price or something If I go to the checkout and wave my card and they go Oh yeah you get a better price so is that an example of this kind of a unidirectional identifier that I’m going to identify myself some thing more than a shopper , I’m Ron Jacobs and here’s the history of everything I buy from you guys

21:41.15

Kim

Yeah I mean and those sort of brand loyalties for cards are unidirectional. I’ve also seen in , where I come from in Canada they have a thing called an airline or air points card or something where you have the same tracking number that is used across all of your purchases

22:8.77

Ron

Ok so that lot of different merchants can participate

22:30.59

Kim

Yeah and then they can start to put together knowledge of you and use that every time you walk into the store, right now they don’t know what your identity is when you first walk in but you can imagine once we have our RFID that you just walk in and they’ll know oh here is a shopper, he hasn’t bought anything in the last two months and hey we are not going to serve him

22:34.26

Ron

Could it be like... in Minority Report where Tom Cruise is walking to the mall and all those you how holographs are going Hey how about those pair of pants you bought last year, how are those doing?

22:58.14

Kim

That is not in my view that is not science fiction that is this ambient atmosphere that people are a talking about and that’s inevitable that that’s going to happen. Now the question is to an extent we as individuals can control how that happens

23:10.00

Ron

Oh yeah you know actually…

23:25.63

Kim

And that’s what these laws are really about

23:27.10

Ron

And you know I have to say for a long time I went through and just accepted all this right. Then the other day I went to a toy store of all places and they said I’m going to check out and they say Can we have your phone number and I said No you cannot have my phone number what do you need my phone number for I’m just buying a toy you know. What if I just want to pay cash and want to be anonymous guy? You know… why should I give you my phone number that’s annoying

23:28.80

Kim

You know what about the similar..., Now our signature is my signature is in thousands and thousands of scanned databases everywhere so... What’s the value of my signature

23:54.22

Ron

True and I usually make a horrendous version of my signature on those little electronic things

24:5.06

Kim

Well I actually saw something…somebody’s blog where he made it in art form to … to sign his cheques in various ways that had nothing to do with his signature

24:10.07

Ron

That’s a good point , Yeah, I never thought about that… someone could just take one of my digital signatures , slap it on a document you know I probably would have a hard time to telling it was different

24:20.96

Kim

Well, we have to as architects and technologists, we have to assume that all our systems will be breached

24:32.24

Ron

Yeah

24:41.11

Kim

it’s not… see I'm going to build this system so it wont be breached right, I'm going to build a dike so wont be breached right, sure it wont be breached, one day it will be breached, Now what happens

24:41.83

Ron

right

24:54.51

Kim

So, and you know it’s funny because once we had a law in California that saying that, you know , Identity breaches had to be reported. It was like there was like millions of them, right, they were reported everyday you think that’s the word had really fundamentally changed but all that really changed was that it was the reporting.

24:55.08

Ron

yeah

25:13.07

Kim

Of course people don’t call it as identity theft or theft of identity information it calls it a loss right because one doesn't know where you know where that thing goes.

25:13.54

Ron

Well my question is how do they even know about all the ones that happen, I mean they probably cant know about all of them

25:23.53

Kim

They cant know about all of them

25:30.07

Kim

And so we have to take it as a given that things will be breached.

25:31.08

Ron

yeah

25:35.23

Kim

right, OK so once they are breached, that means for example all the whole bunch of those systems that have my … or your… signature in electronic form are going to be breached and may be it will be there along with your phone number amalgamated with other information brought in from various third parties so that they have everything up to your social security number and who knows... so what I'm saying is... if if if if that you know as the world moves in that kind of direction... there is going to be a lot of pushback to it. The pushback will undermine the creation of an identity system or any kind of an identity system. My ideas on the laws of identity is lets lets think ahead figure out there will be breaches figure out there will be these real problems if we don’t start to act you know in a more mature way and build those things right from the beginning so we don’t hit those problems

25:35.84

Ron

OK so that brings me to the fifth law which is Pluralism of Operators and Technologies where you say A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers. This kind of takes me back a few years when we had this grand vision for passport we were like the uber identity that just everybody would get one of these and you want to be your one identity that everybody could trust

26:32.64

Kim

Yeah, wouldn't that be nice?

27:2.29

Ron

Yeah that would have been great, why didn't the world go for that? I don’t know

27:3.46

Kim

Wow … The world… there is no one identity that you want to use. You don’t want everybody to know equally about you in all contexts

27:7.26

Ron

hmm hmm

27:17.47

Kim

You know… there are some people who do. There are some people who are really truly public characters and don’t give a darn if anybody knows about anything … you know and… in terms of their lives and so on

27:18.08

Ron

and they are usually dead

27:32.82

 

<Laugh>

27:34.48

Kim

I was assuming it was his… I have a friend, I have one friend that is perfectly that way and I myself you know am not particularly you know concerned about these things as an individual. But I have a fairly public life … but when I call fairly … but when it comes to you know to do this kind of thing you know I use different identities to do different things. So for example I don't personally want to use my government identity when I go to my bank. I don’t want the government to get close to... more closely involved with my bank and my banking than it already is. I don’t want to use my banking identity when I go and you know sort of reading stuff on the web like... I don’t... when I log into the New York Times do I want my bank or my government to know how long I spent reading each article or what my profile is in terms of articles and so on...

27:38.00

Kim

So I just think that it’s inevitability that people would want multiple ways of expressing their identity. You know and they would want to be able to have what we call contextual separation between the different aspects of their life. The other thing is what is you know, we are just at the beginning of what identity systems can be technologically there are some really amazing systems coming out of the university area that have these wonderful properties I cant go into them at this point but you know they are so much better that anything that exists right now. so we don’t want to build our system to be closed off from the way it can evolve in the future so therefore if you don’t want to do that what you need is the system that embraces multiple ways of doing things and one last thing, if you even look at Microsoft , the different technologies we have here we have Kerberos of the kind that is used with active directory, we have PKI used with certificate authority and so on

28:42.00

Kim

We have passport, we have this, we have that in different aspects of our products so we already have many multiple ways of doing things and so what I'm saying is you have to allow that to co-exist but that doesn't mean that once somebody gets to a site they see this confused mess of possibilities you know what if they see you know twenty options they have to choose from and in terms of how they are going to identify themselves you know it will drive them crazy and they will become even more confused about what’s safe and what’s not safe than what we have today

29:43.00

Kim

So you need this set of multiple, this pluralism around technologies and who operates them but at the same time you need a way that makes it very simple to the user where they can choose which identity they want to use in a given context so that’s the seventh law. I've jumped it because they are kind of opposite to each other

30:16.00

Ron

Ah I see and the seventh law is consistent experience across contexts so The unifying met system must provide a simple, consistent experience and my laptop went dead that’s it just the battery is gone I knew I had a problem when I didn't bring my power adapter today. But OK so but really when you think about this is a tremendous challenge because like if you go to... if I went to my mother and said you know get your X509 certificate from the certificate authority and present it... now she would just get you know her eyes would glaze over she can't understand that's not the way she is going

30:37.00

Kim

Yeah and to tell you the truth my eyes glaze over because you know I see these dialogues coming up out of the system and you know who knows if they are real where they are coming from , what do they mean etc to what extent are they... should I trust them so that’s what so we have a project in my area called the InfoCard project and what that attempts to do is to establish , you know how... say in terms of files and documents everything used to be sort of just by all means and you have to understand you know from the old DOS days etc

31:18.00

Kim

And then we got to the point where we could represent those things visually… so we have you know a picture of a file folder, picture of a document, Oh yeah that’s a document I can drag the document and I can use it … I … I understand it. It’s turned into a thing rather than just some abstract concept so we want to do the same thing is that with identities so the different identities that we have that we use in different areas look like cards of the kind you would keep in your wallet and you know they can be branded and one of them might be visa and one of them might be American express and other one might be just something that you use for browsing that you've made up yourself you know your Captain Kangaroo card and blah blah blah

31:56.00

Kim

And these form a palate of identities that you could choose from and so when you go to a site it actually instructs the system which kinds of identities it will accept and then those ones slide up as cards and choose which one you want to use. So we have had very good usability experiences and you know when we were testing this kind of system and I believe that both me and your mother could use

32:41.00

Ron

Well that’s is perfect because that’s what we use everyday right if I when I go to the gym I present a card that says this is my identity here at the gym and I belong here and I go you know I get stopped by a police officer he asks for my government issued identity to see my drivers license you know so I have cards for different contexts and I present them and that only certain ones are acceptable in certain contexts so I think that’s perfect

33:7.00

Kim

Yeah I mean it’s so obvious, so you know it’s awful when you create something so obvious but anyway…

34:1.00

Ron

You know

34:3.00

Kim

I feel like an idiot

34:4.00

Ron

it’s amazing when I just got my tablet PC you know the other day right and I had it opened in the tablet mode and the first thing that hits me is how do you do control alt delete with the pen right and then they had a little keyboard picture there side where control alt delete on that this nice little friendly dialog pops up and says you know there’s a button on this tablet that you can push to do that and I remember thinking of all the usability things like that’s the worst usability thing ever that you had to press control alt delete to log in and I guess we are stuck with it for all these years because it was the one key combination that you couldn't spoof

34:5.00

Kim

Yeah, yeah they have it’s hard coded down into the kernel

34:25.00

Ron

Well anyway Kim thank you so much for joining me today, this has been really great

34:30.00

Ron

Kim Cameron!! Ladies and gentleman and the laws of identity. Just love those lists. Don’t you love a list like that? It’s really fascinating to think about all the stuff related to the ways in which we identify ourselves. And I think it’s really changing; this is a dramatic time of change in the industry and the ways in which we think about identifying the people. Frankly right now the user password thing that we've got is just not cutting it, it’s just not rich enough and we've got to change it or this whole identity theft thing you know just going to go crazy Well we have a lot more coming up on our talk with some great shows live show from the patterns and practices summit later this week so stay tuned to ARCast

34:35.00

Tag:

Follow the Discussion

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.