BusinessWeek rips into Al Gore for his Current TV IPO in this devastating critique (hat tip to Bruce Webster). From the article:
Something about this deal just doesn’t sit right with me. Gore isn’t just taking piles of cash. According to the filing Gore, who is listed as executive chairman, and his CEO partner, lawyer-turned-entrepreneur Joel Hyatt, each loaned the company $1 million to get it started. They’ll get that back in the IPO. But the two guys also collect hefty salaries for a company that hasn’t shown a profit in three years—taking down $491,677 apiece last year in cash, plus bonuses of $550,000 each for, in Gore’s case, helping get the company new affiliate agreements, broadening exiting agreements, and putting together a management team. The two currently receive $600,000 a year in salary and are eligible for additional bonuses, according to the IPO filing.
By comparison, at the time of the Google IPO in 2004, its two founders were each taking home a total of $356,556 in salary and bonuses, while sitting on top of a company that had earned nearly $106 million the year before.
And the bit about the Class B share structure is pretty damming too.
I don’t have any problem with someone who has a successful IPO. I also think Current TV has an intriguing business model, as far as I undestand it. This is the kind of merging of the old and new media that I think we will see a lot more of.
But I can do without the moralizing sermons from someone who can pull off this kind of sweet deal.
Ben Laurie has issues with the Microsoft purchase of Crenditica that deal, ironically enough, with trust. Specifically Ben does not trust Microsoft to make the U-Prove technology interoperable with other products. Also playing a part in this is Microsoft’s strange reluctance to support identity standards that they did not create (SAML for instance). This position does little to endear Microsoft to experts in the identity community.
Yet on the other hand Microsoft identity experts such Kim Cameron, Mike Jones, and (now) Stefan Brands are held in the highest regard in the community. They are known to be strong supporters of openness and interoperability. But the obvious fear is that as honorable as their intentions may be, they are only in a position of influence, not control.
What is a vendor to do?
What you should do is trust that Microsoft, like every other company, will behave in accordance to the law in a way that will increase their profits or market share. To expect any company to do otherwise would be unwise. This may sound obvious, yet I often hear debates in this community that boil down, in essence, whether a companying is being “fair” or not.
That said, I expect Microsoft will make the specification underlying the U-Prove technology freely available for other vendors to use. With the standard restriction that the non-assertion convenant applies only to using the specification for interoperating with U-Prove and other U-Prove compatible technologies. If recent history is an indicator I suspect they will also sponsor interoperability events and give you technical assistance implementing the specifications. I have personally been involved in an such efforts around WS-Federation (pre-OASIS) and Cardspace and the experiencees were very rewarding.
Microsoft won’t renege on any of it’s promises simply because it would not be in their financial best interest. As valuable it is, getting widespread adoption of U-Prove is going to be tough. Microsoft is going to need the participation of other vendors to do it.
If the CIA tried to sell commercial computers, would you buy one? Of course you wouldn’t. One doesn’t need to be a conspiracy theorist to think that just wouldn’t be prudent.
Now here is a slightly different question. Would you buy networking equipment from the Chinese military (the PLA)? Again, of course you wouldn’t. How about a company closely tied to and perhaps even controlled by the Chinese military? This is exactly the kind of uncertainty that is torpedoing a deal to sell 3Com to several investors, including China’s Huawei Technologies. You can read more about it here and here.
Now I am not suggesting that Huawei Technologies or any other Chinese company has or intends to embed back doors into its computers or computer components. But the relationship between the Chinese military and some of the major Chinese manufacturers is a very serious issue.
Matt Flynn has some good thoughts on Obama’s Passport breach here and here. He makes the great point that you can’t prevent people from using authorized access for invalid purposes. You can catch them after the fact, which should act as a deterrent, but you can’t actually prevent it.
This Passport controversy is something that should be remembered when we start to talk about nationalized health care. If you think Passport information is tempting to the curious government worker, what about famous people’s health care records? Do we really want the federal government maintaining a nation-wide database of all of our health-care issues, just like they do our Passport related information?
Matt Flynn relays an interesting question about federation. The question essentially boils down to this:
How do we audit federation-enabled access to business services?
What I find interesting is not the question or the answer, but how often the question is asked. A few years ago I made the utterly wrong prediction that this would be a big issue by now. With all the attention being paid to compliance in the IdM space over the past few years, there are several explanations as to why this issue is hardly ever discussed:
1) Few businesses are really using federation to enable access to important services to their business partners.
2) Of those that are many are using a federation service provider such as Covisint. Covisint supplies auditing tools and services to address this need.
3) In some cases federation has been added after the fact to an existing partnership where access was granted via provisioned user IDs and passwords. In this case the service provider likely already has auditing capabilities that are still applicable after the conversion to federation. This was the case with several federation deployments I was involved with at OpenNetwork/BMC.
I had also predicted that this issue, along with the difficulty of establishing the legal agreements needed for federation would drive business partners to federation service providers like Covisint.
Posted in BMC Software, Identity, Identity Management, Provisioning, SaaS, SAML
Tagged Audit, Compliance, Federation, Identity, SaaS, Security
Arthur C. Clarke has passed away in Sri Lanka. The last of the three titans of science fiction has slipped the surly bounds of this earth.
Bruce Webster has a great explanation of why Clarke, Asimov, and Heinlein stand apart.
Speaking of Brrrraaaaaiiiinnns, who in the world could pull together the Myth-busters, Richard Feyman, and Brain Sucking Zombies?
xkcd! Who else?
Bruce Schneier takes on the theory that loss of privacy is OK as long as it is mutual:
If I disclose information to you, your power with respect to me increases. One way to address this power imbalance is for you to similarly disclose information to me. We both have less privacy, but the balance of power is maintained. But this mechanism fails utterly if you and I have different power levels to begin with.
An example will make this clearer. You’re stopped by a police officer, who demands to see identification. Divulging your identity will give the officer enormous power over you: He or she can search police databases using the information on your ID; he or she can create a police record attached to your name; he or she can put you on this or that secret terrorist watch list. Asking to see the officer’s ID in return gives you no comparable power over him or her. The power imbalance is too great, and mutual disclosure does not make it OK.