After suggesting the general OSIS session at IIW, I obviously was obliged to run the session as well. Overall, I think that the session was sucessful - although I believe that only those that have been working in the context of OSIS for a while have been really satisfied.

One of the things that have been requested during the session was a somewhat comprehensive, yet high-level overview of the OSIS "sector" of the identity landscape. I tend to agree. While those that have been involved in OSIS  and some of the projects associated with OSIS are starting(!) to get some shared understanding of what OSIS is about and how things relate to it, many people in the industry just don't. [1]

Unfortunately, we did not have the time to "bash" Johannes' overview talk on OSIS, which I found to be a reasonable first introduction.

So allow me to making an attempt to clarify the "elevator pitch:

OSIS is a - intentionally - fairly informal working group under the newly formed identitycommons. Its short term goal is to facilitate the creation of an InfoCard compatible client that is fully interoperable with Microsoft's Windows CardSpace implementation. Down the road - as soon as we can present some tangible results on our first goal - we intend to broaden the scope and will include OpenID, Liberty and other open source identity technologies to create an open and interoperable general purpose identity SYSTEM.

The way to achieve these goals (i.e. the facilitation) is by providing a place to discuss the needs, status and goals for all OSIS projects. In particular, OSIS will not:

• create profiles or standards
• attempt to force its consituents to develop into a certain direction
• provide a comprehensive administrative and legal framework

The biggest value-add of OSIS to me is its informal participation structure: this allows a fairly free flow of ideas between technologists that are trying to get things to work with each other. Politics and religion stay (largely) out of this by design.

[1] Yes, OSIS does have a charter under IDcommons. However this charter is not really a good high-level overview in my opinion. In fact, the charter really underlines the informal character of the group by being *really* open-ended.

Interesting news from the Compact Framework group: They are planning on releasing a subset of WCF on the Compact Framework (i.e. their mobile edition). This is quite interesting, not the least because a lot of their mobile devices are frequently used in a disconnected mode and only updated at scheduled times. One solution to the problems that arise with this mode of operation is the use of SMTP as a transport protocol for SOAP.

In a recent school shooting in Germany, a troubled and bullied kid went on a killing spree, wounding 37 and killing at least himself. He was apparently disillusioned by an economic situation that would have sent him straight from the school into unemployment. This is very sad and a horrible waste of talent that no modern society can really afford in an age of global competition.

Now, after the desaster, politicans across the board are trying to "understand" what happened, i.e. come up with lame excuses for their incompetence and offer rash, unreflected but popular strategies to address the issues. Germans - with their tradition of state control and a somewhat troubled history of civic freedoms - have an universal approach to this: Verboten! As such, it is not surprising that first-person shooters (such as e.g. Half-Life or Quake) are targeted for censorship.

I do not want to argue about the pedagogical value of such games. However, in a society where freedom is considered one of the fundamental values [1], censorship is not an option. I do think that access to violent computer games should be limited to adults and that children should be educated about proper use of modern media in school. But teletubbyfying entertainment is simply ludicrous.

The gravest failure lies with the parents, and to a lesser degree with teachers and local society as a whole - they are co-responsible for the failure to educate this young man and offer him a future. At the end of the day however, he pulled the trigger - so the primary responsibility lies with him - and certainly not with the game industry or with the Internet in general.

The proper questions to ask would be: Why did the parents allow him play FPS for such a long time? Why did they not recognize that he had social and academic problems at school and react accordingly? Why did the teachers not discourage bullying at an early stage? And finally: how long will Germany continue on its current trajectory, where qualified labor is desperately needed, but the structures in education and the labor market are so inflexible that talented young people do not get the chance to excel and pursue happiness?

[1] Germany national anthem begins with "Einigkeit und Recht und Freiheit ...", i.e. "Unity and Justice and Freedom ...".

After some extended time without any new entries, I am back. Besides being insanely busy with all kinds of work for the last couple of weeks, I am going through a somewhat stressful personal time: a close family member is going through liver cancer and it is not yet clear what is going to happen. In such times it is really reassuring to have colleagues that are quite understanding, so thanks to all of you.

On more technical side, I have been playing a lot with the (now released) Windows Communication Foundation.. congratulations to the entire Indigo team for delivering the product. Also, Windows CardSpace is occupying a lot of my time and last, but not least, there is the ASP.NET AJAX Beta 1 which came out recently, along with the production release of NetBeans 5.5, the official start of the Interop Vendor Alliance, open sourcing Java ... and so on.

I hope to be able to put down a few interesting things in the next couple of days - however, tomorrow and on Friday I will attend the Higgins face to face meeting in Cambridge, MA.

Today I sent a mail to OSIS-General on using OpenSSO for the Identity System/Selector that we are trying to build:

We at Sun would like to offer/suggest OpenSSO (
http://opensso.dev.java.net/) as a open source project within the OSIS
framework. I believe OSIS could benefit from the technologies that are
either already implemented within OpenSSO or 'very soon to be released',
including SAML 1.x, SAML 2.0, ID-* etc. For additional information on
OpenSSO, please take a look at Pat Paterson's blog at: 
http://blogs.sun.com/superpat/entry/recently_asked_questions_on_opensso
and 
http://blogs.sun.com/superpat/entry/first_multi_protocol_federated_ident
ity. 

Given the existing large code base of OpenSSO (and still growing), we should be a significant step ahead in the goal of creating a OSIS. 

My paper on persistent AJaX is to be published in the Research Disclosure Journal. Please find it here.

There are no new additions, just a formal publication.

Here is my mail to Mike Jones on the OSP:

Hello Mike - 

First of all this is most excellent news - and I am looking forward to
seeing those protocols being implemented by a large number of market
participants. 

However, I do have a few questions that you might be able to clarify: 

1. For the purposes of OSIS, there are some components in the WCS that
do no seem to be covered, in particular the InfoCard specifications,
including schema and the visual components for the card selector UI.
Will this be covered by a separate covenant?

2. Also, the language of the OSP mentions that only Necessary Claims,
i.e. those REQUIRED in the specs are covered. What about OPTIONAL, etc.
portions of the specs?

Thanks a lot, 

Gerald Beuchelt 

At this point I would like to thank Mike and also Kim for their work on getting the WS-* protocolsl into the OSP and - hopefully - all the other specifications that will follow