Oh well, I finally sat down and took the time to convert my aging main web site into something more dynamic. Since my - overall - quite reliable hoster gives me free PHP5 and MySQL databases, I took a closer look at Drupal, given its overall support, ease of use and add-on module availability. My first impressions are quite good: it was easy to get up and does not seem to be too hard to administer. Converting my exising HTML went well, although the default editor (or more specifically: the Drupal filters) have a tendency to get in the way at the beginning.

Now, one thing I will probably spend a little time on over the next few weeks (time permitting - haha), is to develop a somewhat more reasonable authentication scheme for my various web properties. I have a happy collection of PHP apps, this .NET based blog, and also some custom Java apps. So far there is really no identity management in place; a fact that has been a sore for a while. A simple SSO authentication scheme across these difference platforms is a panacea, but it should not be to difficult to achieve. I am looking actively into using Oauth or SAML as the token format, and a simple RESTful transport.

tags: web site identity saml oauth rest

Times are changing, and people have to change with it. Doh - another pearl of obvious wisdom, but there is an interesting application to the work life: while regular employment might change rather abruptly, business and community relationships usually do not. So while you might no longer be working for a particular company (say, Sun, for example), you would still be interested in continuing your work in a particular area of interest (say, identity, for example).

In this spirit, I decided to join the Liberty Alliance as an individual member. The new structure of the organization, combined with a reasonable fee schedule allows me to continue my formal relationship with one of the more comprehensive identity consortia currently in existence. While I have not yet quite made up my mind on how this engagement will be, I know that there are a number of current project in TEG and IAEG that stir my interest.

One of the most interesting developments in Liberty right now is the realization that a RESTful approach is quite necessary to extend from an enterprise-centric identity management system to one that can scale up to the needs of health care providers and governments. The need for a lightweight IdM and federation framework is indisputable, and the GSA and Internet2 have already demonstrated that the existing feature set in SAML2 is sufficient to build a meaningful federation. However, it will take the legal and business rules framework of the IAF and related efforts to extend these technologies into the realm of social networking and eGovernment where you cannot rely on having a mutual trusted partner in identity.

So, going forward, it will be a lot of fun to dabble with the same technology, only now from a slightly (or not so slightly) different angle. 

tags: project liberty identity rest

Wow - what a week this was... I have been through quite some ups and downs, and that is not even mentioning the fact that the U.S. got a new administration.

Bad news first: not only did I have a mild form of food poisining (not that there was anything 'mild' about it, but I heard it can be much worse), but I am also affected by the workforce reduction at Sun. Yes, that's right... after a meager 11+ years I am on to new adventures elsewhere. To all those that I have been working with: it was a very interesting and mostly fun ride. I really had a sense of being able to work on something big and accomplish a lot, but the energy and the creativity at Sun was very inspiring. I met a lot of smart people there, and I hope that I will have the chance to continue working with them, one way or another.

Going forward, I see myself continuing on the themes that I have been dealing with for a while now: interoperability, web-centric (now cloud) computing, and the related identity and security aspects. There is a lot of work ahead, and I am quite determined to continue contributing. 

Since my age-old email at Sun will cease to work soon, you will now be able to reach me though an interim alias: work-at-removethispart.beuchelt.com^[1]. I am also on Facebook and LinkedIn, so please feel free to connect with me:

http://www.facebook.com/people/Gerald-Beuchelt/615829807

http://www.linkedin.com/in/beuchelt

With more time on my hands for now, I will also start spamming your RSS readers... just kidding - but I will write more here now, so stay tuned.

But now for the good news: yesterday my application to become a U.S. citizen was approved and - assuming all goes well - I will take my Oath in early March. Contrary to its horrible reputation my experience with USCIS (formerly INS) was actually quite good: yes, they are bureaucratic (you should have seen the piles of files they had on me), but overall the process was quite efficient and fast: it will have taken less than 6 months from sending in the application to my Oath ceremony.

Interestingly enough, my becoming a U.S. citizen will also open new doors on the job market: as of March I will be able to get a security clearance, work on certain government contracts, etc. The timing could not have been better.

tags: identity management naturalization workforce reduction

[1]Sorry for putting the "removethispart" subdomain in - obviously it is only beuchelt.com after the @ sign. 

UPDATE: Many thanks to Tim Bray for highlighting this note in his (most unfortunately rapidly growing) Stray Sunbeams series!

There has already been quite some discussion on how to get Windows 7 to run under VirtualBox (bottom line: it works - just install it). Here is a litte add-on to this discussion: Running Windows 7 Beta 1 under VirtualBox on Solaris 10 U5 over a SunRay terminal (exhale....).

Now, since I had tried Vista under VirtualBox, I was not expecting anything (except abysmal graphic performance), but - lo and behold - I was quite positively surprised: the install was complete smooth, and the VirtualBox Vista drivers worked like a charm, once I was using the compatibility mode with Vista (right-click the executable on the mounted ISO image, select Properties and the Compatibility tab, select Vista, close everything and then simply double click to install). Without this trick, the VirtualBox installer would complain about not supporting Windows 7 yet.

Overall performance was pretty much as expected: a lot better than Windows Vista, and about the same as Windows XP. Now bearing in mind that the SunRay system is not exactly targeted at power users for CAD applications, and you will arrive at a the conclusion that Windows 7 Beta 1 under VirtualBox is a logical step from running Windosw XP in the same scenarios to deal with those 7 applications that you just cannot find in open source. If Windows 7 actually came in a freeware version, it could actually be worthwhile upgrading those legacy HDD images. But then, Microsoft has shown over the last few years that they are capable of learning, so I will not loose my hope ...

Seriously: if Windows 7 has a similar performance and resource demand profile as the beta versions, it has a good chance of convincing me to attempt another upgrade. Just one thing will be crucial: application backward compatibility.

tags: Windows 7 Sunray Solaris VirtualBox

The workshop on Open eGovernment is starting right now. Here is my slide deck, for all that might be interested:

MIT MediaLabs - Open Identity Archtecture.pdf (1.01 MB)

Soon after this is complete, the entire workshop will be posted on the MediaLab webpage - please stay tuned for the link.

tags: identity management policy

As part of the new U.S. administration's BigDialog and Open Government technology agenda, the CommunityCount web forum is polling for issues that are relevant to the identity management community. If you want to make you voice heard with the transition team and the next CTO and science office staff go here, put in your questions and issues, and vote on the others.

Here is my contribution - please vote.

tags: identity management policy

For our current internal project, I needed a way to display images within a Java Swing application. There are probably as many solutions to this out, as there are swing programmers, but here is a quick way to get this done, that solves my two major issues:

Resizable, i.e. when the panel changes in size, the image changes along.

Integratable with NetBeans, especially with the Matisse component designer.

This worked for me:

public class ImagePanel extends JPanel {

    private Image image;
    private Image displayImage;

    public ImagePanel() {
        super();
    }

    public ImagePanel(Image image) {
        super();
        this.image = image;
        this.displayImage = image;
    }

    @Override
    public void paintComponent(Graphics g) {
        fitImage();

        while (!g.drawImage(displayImage, 0, 0, null)) {
        }
    }

    @Override
    public void setSize(Dimension d) {
        super.setSize(d);
    }

    private synchronized void fitImage() {

        if (image != null) {
            int imageHeight = image.getHeight(null);
            int imageWidth = image.getWidth(null);

            double ratio = ((double) imageHeight) / ((double) imageWidth);

            Dimension d = this.getSize();

            double height = d.getHeight();
            double width = d.getWidth();

            if (height == 0 || width == 0) {
                height = this.image.getHeight(null);
                width = this.image.getWidth(null);

            } else {
                double tempH = Math.floor(ratio * width);
                double tempW = Math.floor(height / ratio);

                if (tempH + 1 > height) {
                    width = tempW;
                } else {
                    height = tempH;
                }
            }
            displayImage = image.getScaledInstance((int) Math.floor(width), (int) Math.floor(height), Image.SCALE_DEFAULT);
        }
    }

    public Image getImage() {
        return image;
    }

    public void setImage(Image image) {
        this.image = image;
        fitImage();
    }

Note the while-loop in the paintComponent() method. Without this, you will only get partial image updates, since the drawImage() method on Graphics runs in the background. For very large images or latency sensitive applications this might be an issue, but for my application this is quite acceptable.

In order to integrate this class with NetBeans, you create a Swing JPanel with the graphical designer, and set the "Custom Creation Code" for that panel to be your ImagePanel. Within the code, you can now easily cast to ImagePanel, thus giving you the full image functionality, while not sacrificing visual design.

tags:java swing image panel NetBeans

    I love foundational discussions - they always have the potential to fundamentally change my world-view, which is quite stimulating.

    Radovan picked up on my little piece on reputation. In particular he suggests that the question "What attributes should be influenced by reputation and what should not?" does not make any sense.

    I fully agree with this statement, but not necessarily with all conclusions that Radovan draws. As I see it, the question is not what attributes of an entity should be influenced by reputation, but much more about what attributes can be reasonably approximated by a mean-value approach such as reputation.

    In Radovan's example, the height of a given person can be precisely determined (up to an error margin, that is part of that measurement). The result of such a measurement--as long as it is reproducible--is the objective value of the attribute "height". It does not make any sense to attach a reputation to this value. But you can attach a reputation/"credibility score"/whatever to the measurement process (this is typically done through the specification of the error margin), or the faithfulness of storing this information in a given storage system (e.g. through the reliability score of this provider, determined by averaging over the subjective reliability score given to the storage system by its customers/clients). The aggregate "reputation" of this process (measuring, recording, storing, reproducing) can then be used to calculate the "reputation" of you saying that I am 147 cm tall.

    But--and this is important: your statement about my height (or the aggregate statement of the community about my height) does not influence the fact (if you want to use this hopelessly overloaded term) that I am 187cm tall.

    This is fundamentally different from what might happen with other attributes: for example, let us look at my "reputation for drawing aesthetically pleasing pictures". While I ( or my daughter) might be convinced that I have a rather high score for this attribute, the rest of the world might beg to differ. My community-wide^[1] reputation as a gifted painter could thus be much lower. Note that I do not have any reasonable recourse: there is (fortunately) no final authority, or repoducible process that can determine a definite value for this particular attribute.

    Nevertheless, for such non-CFD, mean-value attributes you still face the same issues that you do face for objective attributes: there is the change of recording or storage failure, and thus other factors that might ultimately determine the reliability of a "reputation as painter" score I might have.

[1] Note that at this point it becomes very important to define the correct domain of your mean-value process, i.e. you have to fix an ensemble.

    Paul proposed a conjecture regarding the validity of using reputation systems in the context of identity systems. This (and some discussion on the IDGang list) inspired me to dig again through some of my notes regarding the ontology of physical reality (and thus--by extension--quantum theory).

    My personal position in the discussion on the most sensible approach to physial ontology was always firmly rooted in the realist corner: I completely reject positivism and--mostly-- empiricism on fundamental principle. There is no doubt in my mind that there is an objective physical reality, independent of human (or any other) observer^[1].

Reputation in information systems

    Now, a reputation scheme can easily be interpreted as mechanism to determine the value of an entity's attribute by averaging over the subjective values of that particular attribute, as seen by an ensemble of parties interacting with the entity in question. So, for example, to determine the "trustworthiness in business transactions" of user A of an auctioning site, one can average over the subjective opinion of business partners of user A on his trustworthiness.

    This approach is valid, and as many social (or even business) sites indicate very useful. It can be applied reasonably well to attributes of an entity that are either non-counterfactual definite (i.e. completely subjective), or not measurable by an objective and reproducible measurement approach.

    "Trustworthiness" is a good example for a subjective attribute, and credit-worthiness of a company or individual might be an attribute of the later type: while the fundamentals of a company determine its ability to shoulder a certain about of debt without collapsing, there is (to my knowledge) no definite algorithm to compute a simple "creditworthiness" attribute. However, the averaging over the credit ratings from different rating agencies (i.e. a kind of "credit reputation") is normally a good approximation of this attribute^[2].

    However, there are some attributes that cannot be averaged over: those attributes are counterfactual definite, i.e. objective and can be measured by a repoducible mechanism. A good example for such an attribute is my physical height,  my employment status with a given company, or my gender. All of these might change in time, but at a given point in time, they can be easily determined and have an objective value--even if nobody measures it. Applying a mean-value approach to these does not make any sense.

    One might interject, that for such a counterfactualy definite attribute there might be a different perception of its value with other entities. For example, while my actual height is 187cm (~ 6' 1"), some people might think that I am taller or shorter.  Now, my actual height does not change because a number of people are thinking so. It is my perceived height that changes and this attribute is entirely different from the former.

    So, in the end it is very important to evaluate carefully if a given attribute of an entity in an information system lends itself to be used in the context of reputation systems. In some specific cases this does make sense, but in others it is entirely pointless.

[1] Yet, while realism is vital to my world view, I am much more inclined to abandon local reality than counterfactual definiteness.

[2] The current financial quagmire is an example of how such a reputation system can fail.