Monthly Archives: June 2008

Personal liability for orphaned accounts?

Here is an interesting question:

But what about you and your personal liability? If you leave a company, and your ID stays behind, and stays active, are you liable if it’s used for bad purposes? Personally, if I were doing something “prohibited” I’d much rather be using an ID belonging to a departed employee or contractor.

As a consultant, I deal with this issue a lot. On multiple occasions, I have returned to a client months or years after leaving, and discovered that my old accounts IDs and passwords were still valid!  So, my current policy is to send the company an email, (receipt requested) telling them that I am leaving, and formally request that they de-provision the accounts. If I could put the account in a shredder myself, I would. If only there WERE a virtual account shredder I could use!

I doubt that there would be any legal liability if your old accounts got used for illegal activities. Your good name and reputation could well suffer, however. Still it’s a very interesting issue.

When I used to work on provisioning systems I used to joke that IdM is really all about de-provisioning. Most companies don’t care it takes you two weeks to get all the resources you need, but it better not take even two minutes to turn them all off when you leave.

Maybe it really is all about de-provisioning after all.

Cool Quiver of IdM Arrows

OptimalIdM just announced their latest offering, the Virtual Identity Server for Enterprise Group Management. This product solves a very specific pain point for many enterprises: synchronizing user membership in AD groups based on external identity information. Their product integrates with Microsoft ILM and is also available as stand-alone service.

I am going let my inner comic book geek out for a moment. In both DC and Marvel Comics there was an archer super hero (Green Arrow and Hawkeye respectively). These heroes not only had the ability to hit any target with unerring accuracy, they also had a quiver of specialty arrows that met specific needs. Arrows that delivered an electric shock, spread entangling nets, exploded, whatever was needed.

OptimalIdM seems to be turning into the Green Arrow/Hawkeye of IdM Vendors. In addition to their Virtual Directory, they have been busy rolling out a cool quiver of point solution arrows. You need AD group membership management, they have an arrow for that. You need to deploy SharePoint across multiple siloed forests, they have an arrow for that. Need to deploy an application that requires AD schema extensions your AD group won’t put in, they have an arrow for that too.

Afterall, who really needs the Hulk when a less destructive solution is at hand.

[Full Disclosure – the founders of OptimalIdM are former coworkers of mine at OpenNetwork Technologies.]

Don’t just do something, stand there!

The FCC is apparently going to take proposals about what to do about product placement advertising. Unfortunately “do nothing” never seems to be an acceptable choice of action for the government. My prediction: this will result in yet another useless disclaimer page that will show for a couple of seconds before every broadcast and cable show. This disclaimer will tell everyone what they already know; the products appearing in the following program are there because the vendor paid for them to be there.

Yet another sliver of our time wasted because the government can’t stay out any aspect of our lives.

ESR, Heller, and Civil Disobedience

Eric S Raymond celebrates the Heller decision and hopes to be a test case in PA. If I had to bet between Mr. Raymond and the state of PA, my money would the on the Unix guy.

Age verification information cards

Mike Jones has this interesting post about an age verification service based on information cards from Idology. Although not yet available for use, this service does look intriguing.

WALL-E let me down

First, let me say I am big Disney and Pixar fan. Also, like most computer geeks, I love science fiction. So I was looking forward to WALL-E with great anticipation. Perhaps too much so. Even Pixar can’t be expected to hit a home run every time.

Still, what a disappointment. Even my wife and kids didn’t like it, and they are bigger Disney and Pixar fans than I am.

The graphics and visuals are stunning. With each movie Pixar raises the bar as to what can be done with computer graphics and they did so again. But the bleak dystopian vision of the future is quite depressing.

Minor spoilers below:

The plot, minimal that it is, is basically:

  • 1) Generic Walmart like corporate takes over the world and pollutes it to the point that it is no longer inhabitable
  • 2) Over the next 700 years humans (having taken refuge in space) become fat, stupid, hover-chair bound blobs dependent on robots
  • 3) Through the heroics to two pluck robots they find their way back to earth are inspired to repopulate it

That Disney of all companies would make a movie with an anti-commercialism message is hypocrisy of heroic proportions. If you can manage it, skip the theater and buy the DVD at Walmart (irony intentional).

A small bit of irony

If you want to leave a comment on the Information Card Foundation blog, you can log in with OpenID but not an Information Card. Hopefully that is in the works.

Will Big Brother be listening?

Here is an interesting article on research in the Surveillance Kingdom (SK) on adding audio listening capabilities to CCTV cameras:

Researchers from the University of Portsmouth in the UK are working on refining AI software that currently allows the cameras to identify visual patterns associated with law-breaking. The plan is to add an audio capability, so that the noise of breaking glass (for example) would cause the camera to take notice and alert an operator. Eventually it is hoped that the AI software would be even more sensitive, according to Dr David Brown, one of the researchers, speaking to the BBC: “Later versions will get cleverer as time goes on, perhaps eventually being able to identify specific words being said or violent sounds.”

Oh what fun could be had with a flash mob armed with tape recorders.

Perhaps a real Enterprise 2.0 application

A lot of what is touted as Enterprise 2.0 is just regurgitating a Social Network concept in a limited fashion. I don’t find corporate Wikis or other collaboration applications any more interesting than Microsoft Sharepoint or Messenger. That’s not to say they aren’t useful, I just don’t see where the real innovation is.  

But here is a possible enterprise 2.0 application that just might be the real deal. ManagedObjects is releasing myCMDB which turns the normal CMDB process inside out and puts managing the CMDB in the hands of the employees via a social networking interface. I haven’t looked into this in detail so it’s hard to tell how much is real and how much is hype at this point. It’s also too soon to tell if the social networking model will really work for managing a CMDB.

But it’s the most interesting Enterprise 2.0 application I have seen so far.

Interesting times in InfoCard land

Burton Catalyst is going on this week and as usual there are more identity happenings that a poor blogger like me can keep up with. Unfortunately I am not attending this year which makes it even harder to keep up (this first one I have missed in a while).

One big news item was the announcement of the Information Card Foundation. You can read about it here, here, here, here, and here.

Another big item was the announcement about Microsoft HealthVault supporting not only Information Card authentication, but OpenID authentication as well. The decision to limit HealthVault OpenID authentication to a white list of just two providers has some (like Paul Madsen) hot under the collar.

Interesting times.