The Filter Bubble by Eli Pariser shows some of the implications of personalization, especially for the public discussion and our community political discourse. Google is one example, where the search results differ based on geography, previous searches and many many other factors.

When we first started work on federated identity and attributes, we thought the primary use for attributes would be authorization: granting or refusing access. We were wrong. In the first two years of handing out attributes, we discovered that personalization is the primary reason for requesting information about a person. Attributes are used for personalization, and controlling attributes is under-estimated. We need to work more on attributes and how to share enough information without revealing too much. Cross-site scripting is a security threat, cross-site personalization is a risk to our integrity.  Personalization is available on most modern web sites.

The Filter Bubble points out some of the dangers for our society as the news streams get fragmented and we slide into ghettos where there is no shared reality anymore. Shared reality is important for democracy, as we need to sort out where our choices are, during a public discussion.

My sister is a public servant, working for the Norwegian government. Someone set off a bomb just outside her office less than a week ago, because he hated the current political regime, killing 8 people. He then went on to the Labor Youth summer camp, killing 68 (current number, there are several missing persons), where he was arrested. All the evidence reported by the media points to a person who has been living in a filter bubble with a strong reinforcing feedback hatred for Muslims, as explained in the Guardian by Thomas Hylland Eriksen. The terrorist has been using anonymous discussion forums online to confirm his ideas and get ideological backing. Conspiracy theories flourish in such environments.

The Filter Bubble on our Internet gets really scary when we encounter:

  • There is no transparency, we do not know how reality was altered to fit us
  • The invisible ghetto I live in have walls, and I believe they are the end of the world
  • We have no interest in our community and cross-partisan discussion fail to deal with large (and small) political issues
  • Personality tests used for job interviews gets replaced by an interpretation of the bubble the job applicant live in (there is probably an app for doing this, at least in the US, where such information is for sale). Knowing about your bubble gets more important than knowing you.
  • Critical thinking is made more difficult by incongruent information, since search results and news flow differ significantly

Google launched testing of google+ last week. One interesting feature is the concept of circles: sorting your friends into friends, family, acquaintances and cool-people-to-follow. The interface for sorting friends is OK, and I may add my own circles.

The idea of using circles got me thinking about overlaps and how the circles could overlap. Most of the right’s management we are using today always starts out with a well defined root and hierarchical structure under the root.  I believe we need circles of rights, not hierarchies. I say this having worked both in the enterprise environment, social networks and for cross-organizational solutions. Bull’s eye is composed of concentric circles, exemplified by True friends within acquaintances/buddies/friends. This is similar to the traditional hierarchies in LDAP servers, who in practice limit us in what is easily done. Even for other services we tend to limit ourselves to this way of thinking, for example are there very few customer relation clouds that let you assign a person to two different organizations. Relations are normally with a person, not with a graph. I need persons assigned to multiple organizations because so many of my customers have more than one job or are in the process of fusion/fission for their organizations.

Child play is what Google+ circles look right now: disjunct circles you can skip around in. There is currently not much more than twitter lists or Facebook lists in the functionality. So why do I bother to spend time thinking about the potential? Because something needs to be done with the user interfaces for sharing information, and the Circles is a new kid on the block.

Some of the functionality I like about circles

  • Visual guide for who is in what circle
  • Drag and drop interface, still needs quite some work before escaping beta
  • Ability to put people in multiple circles
I think Google should not aim for the bull’s eye, but rather aim for something usable in everyday life, something more like child’s play.

Do not disturb my circles

Are we ready to take up the challenge of using flat space for rights management? It depends on the user interface, and the way circles are implemented today are several steps away from what we need

  • Visualization of circles overlap: Venn diagrams
  • Ability to weed out persons/circles (everybody but my cousin will get the funny pics, I want to closely follow my close friends but not the chatty girl posting too many updates)
  • Sorting the list of circles, and adapting the sort to usage patterns
  • Importing (and searching) from a variety of circles: people who get the same email, lists from other sources, people who live in my area, teams, my co-workers etc
  • Automatic updates, reflected in the search facilities
  • Scaling, for those with more than 15 people in their lives
And all of this needs to happen without having to think too hard about how to do the right thing for me as an end user. Otherwise I’ll just not bother. Google has great intelligence for search, they need to apply that same thinking to who-gets-what in the social networks.

Forget bull’s eye, give us child’s play

If a child can play with the circles and get rights management right, then the solution is good enough. Forget about building the perfect hierarchy with the single root, and get the flow going!

Provisioning is one of the thorny issues plaguing us, and where there are no good standardized solutions. SCIM is a proposal for  Simple Cloud Identity Management, with the intent to “reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols.”

Internet2 has gathered a wiki of SCIM resources, to help higher education follow the development.  Some of the advantages of the SCIM proposal seem to be

  • REST-support
  • standardized API for cloud-ish functions
  • claims to be simpler, which it really needs to be, but I want to see this IRL before I believe it

The main problem is that installing a new interface on core components (local LDAP-servers, identity management solutions) who are crucial for the day-to-day operations of the organizations involved is not an easy undertaking.  The lead time for serious changes to that part of the infrastructure is at least two years, in my experience, even for small changes like updating schema across multiple organizations.

Kantara Initiative announced this week that CA Technologies, IBM Corporation, SAP AG and UNINETT pass Kantara Initiative SAML 2.0 Full-Matrix Interoperability Testing, SimpelSAMLphp was chosen as an open source solution to join in the testing, after submitting a proposal for why it is key federation software.

SimpelSAMLphp 1.8 passed Kantara Interoperability testing, and does conform to the IdP lite and SP lite profiles of SAML2.0.  This means that our drive to support federated login in a multi-vendor environment has taken another step in the right direction. Many of the federations in higher education operate with a software monoculture (using Shibboleth, which is really good software), but I believe that for federated solutions to permeate every necessary application we must work with a plethora of solutions. It is most important for this to happen on the service provider (SP) side, since the variations on implementation for web applications is huge.

Student mobility is on the rise.  There are a number of different factors interacting, all contributing to the

  • More students in the Erasmus program, now around 200000 students every year
  • Flexible study programs, where part of the education is given by a university not in the same town or even the same country.  The Nordic master programme is one example of join Master ‘s programmes of higher education
  • Project work across institutional borders is rewarded, for example for graduate students involved in research.
  • Going (back) to college for more education is more common, as the skill sets and the learning we need to be comfortable in a complex world challenge us.

Students from outside our universitites need access to both campus services and off-site applications. One challenge we face is how to integrate students from “foreign” origin into our campus identity management systems.  Nothing is more foreign than the institution in the neighbouring town, as their practices confuse us by being similar, yet different.

Some promising work that is ongoing in our community

  1. Cross-federations with the same attribute set (eduPerson) enable an easy way to add users to an existing service.  Prime examples are Kalmar2 and eduGAIN.  The national federations within each country have mechanisms for sharing attributes based on eduPerson, with several extensions. Kalmar2 has made a comparison of key attributes in the participating federations.
  2. RS3G work on exchanging student records on the European level, by feeding information between the student registry systems.  In Feide the student registry systems are the authoritative sources for campus identity management, so if the information is present in the student registry all is well.
  3. REFEDS where the operational federations meet to sort out how federations may help with live scenarios like increasing student mobility.
  4. Technical work on Identity Provider discovery and in Kantara on Universal Login Experience, attacking the student mobility scenario from the user interface and giving the student tools to sort out rights and identity management.  The other side of this puzzle is the rights management, where there is still work to do.

There have also been some work in STORK on student mobility, but so far involving individual universities, interacting with national government eID, without reaching the national level.

I believe in running code, and solutions that get used. This will probably involve the formal student registries, and some sort of interaction from the students with the federation functionality.

The conference I am participating in yesterday and today use the standard name tags: white paper with name.  But they printed the family name first, and then the other names.  This is amazingly confusing!

It got me thinking about the cultural bias we have when thinking about names.  Some of my name assumptions are:

  • First name comes first.
  • First name exists, and is OK to use when I have been introduced and talked to someone (except if I am abroad, as foreigners have different rules)
  • Family name comes last, and is sometimes changed when getting married.  Family name often indicates where in the country you come from, as shown by the name of the shape and etymology
  • Nickname is an ugly habit, used to spite people (I know this is different in the US, but I grew up with “the potato” and his son “small potato”, and trust me that these were not friendly names)
  • Middle names are a mess.  This is partly a function of the Norwegian legislation which for many years lumped an optional second first name (unless a hyphen was used between them), additional first names, and the second family name together in a single middle name category.
  • Naming children after grand parents is the proper way of naming children.  I am named after my maternal grand-mother.  My parents run out of grand-parents in the naming game, so my youngest brother (child number 5) is named after my great grand father.  It is also possible to name children after dead siblings.  Other people name their children according to fashion (celebrities,  royals, even using foreign names)

Cultural use of names differ enough that the semantics of name fields is a mess, as illustrated by the LDAP specifications.  In Feide we have added a new field with the full formal name (norEduLegalName), an attribute that has not been specified before.  The flip side of this, is that the importance of displayName, showing the preferred form of the name, gets more important.  Quite a few people have embarrassing middle names where the social cost of changing the name is too high (my mother has a second first name, named for her grand father, this name is somewhat hidden for casual use).

Yesterday’s newspaper had a good rant in the letters to the editor about stupid enterprises, where more than 60% had not outsourced their email to the cloud yet.  It got me thinking: Are the enterprise managers avoiding the cloud stupid?  Or might they be reacting according to some of the basically sound principles for security

  • If I do not understand it, avoid it. True security assessments can only be made for things I understand. Since the cloud email solutions are somewhat new, they tend to get bitten by this.  And some of the business models are not well understood, or well explained (for example: paying with your personal information or your clicks, as opposed to paying cash).
  • If it is too good to be true, it is too good to be true. Avoid deals that are too good to be true,  in this case free (or cheap) email.
  • Giving the US government access may not benefit my business.  The Patriot Act and other regulations give extensive access to infrastructural components, including cloud servers, even if they are not located in the US.  Oh, and this goes for a number of other governments as well, I am using the US as an example since most major cloud suppliers are governed by US law.
  • What is the bribe level for gaining access to my data? A month’s paycheck will get you access in many countries, and in low cost countries the bribe level may be too low for you to expose your data to the country.  Some West-European banks outsourcing operations to Ukraine ran into this thinking in the security audit.
  • Unclear value chain may turn out to be expensive for me in the long run.  My business intends to be here for the long run.
  • What happens if they loose my data?  What do I know about their backups?

Most if this boils down to how to trust something ephemeral, like a cloud.  Personally, I like clouds.  But I have taken the time to read and study up on them, and not every manager out there has the time or the same policy inclination I do (weirdly, some people do not read cloud audit guidelines late at night).

It turns out, that yet again, people are not stupid.  Even managers are not stupid.