According to Blakley’s assertions, identity management today is based on a “push” model as IdM applications centrally store user entitlements and those entitlements are “pushed” out to the applications so that users with the appropriate rights can access them … Blakley contends that this model is broken and that a new identity paradigm needs to emerge now. One where user access privileges are “pulled” at the time of use to the application or service the user wants to consume…

Why does this sound so eerily familiar? We had that same argument in the early days of OpenID! (For one thread, see here.)

My argument at the time was centered around LID and is the same as Bob’s: Pull is vastly preferable. With the widespread implementation of oAuth (which follows the pull model) and corresponding lack of OpenID AX implementations since (using push), I think I rest my case.

The sad part is that it’s 4 or 5 years later, and only now is that same discussion starting in the enterprise. Why did it take so long? Even back then, we weren’t exactly trailblazers: arguably the web’s (HTTP’s) success depended wholly on it being built around pull … even for things like RSS feeds that arguably look like “push” to the user.

Today, Rackspace and a few other companies apparently announced a new Open Stack, which has nothing to do with the old one. Instead, it appears that the Number two player in cloud servers (#1 is Amazon, #2 is Rackspace) is getting heads-first into an API war with Amazon (and Eucalyptus) over how to interact with cloud servers.

Interesting … let’s hope this stack stays up!

Update: here’s the announcement:

Today is a big day for Rackspace® Hosting. We announced a new project that we believe will change the way the cloud is developed and it’s called OpenStack™ – an open source cloud platform designed to foster the emergence of technology standards and cloud interoperability. In short, we will be opening code on our cloud infrastructure for public use.

The initial components being released through this project include the code that powers our Cloud Files (available today) and Cloud Servers (expected available late 2010). This project will also incorporate technology provided by other open-source projects. We expect to be joined by leaders in the technology industry and others to drive a deployable totally open cloud solution through this project.

Why are we doing this? Historically, most cloud offerings have been built on proprietary or closed platforms that create lock-in and make migration difficult. With OpenStack, any interested party – including our peers, Solution Partners and customers – will be able to collaborate with us to author, improve and expand OpenStack technologies.

What does this mean for our customers and Solution Partners?

No fear of lock-in
Flexibility in deployment for a highly elastic commodity cloud
A bigger, more robust ecosystem for more tools, better capabilities and a stronger platform
Freedom to decide how you want your cloud
OpenStack is an innovative, open-source cloud computing solution for creating, managing and deploying scalable elastic cloud services. Through the ongoing development of this project, we will be able to drive greater industry standards and help increase the speed of cloud innovation. As the leading specialist in the hosting industry, it is simply our responsibility.

In addition, we look forward to bringing enhancements made to the OpenStack project to our own product offerings in the future.

We are excited about this new chapter in Rackspace history and even more thrilled that you are able to share it with us. If you have any questions, please contact us here.

Sincerely,

A. Lanham Napier
President & CEO

But it is also the worst. To quote Phil Windley’s summary (go there, read the whole thing, it’s worthwhile):

InfoCards are largely dormant at this point. Kim Cameron, the father of InfoCards, has abdicated to France…

The only other player, Azigo, isn’t releasing updated selectors either… All of this adds up to a situation where no one would be comfortable adopting InfoCards…

OpenID continues to thrash towards becoming a viable solution. The politics surrounding OpenID are worthy of a soap opera…

If Phil had the harsh words for Cardspace and information cards this week, I guess I had the harsh words for the OpenID camp last week, calling what’s being developed there the Open Pile: turns out not one person (neither on the blog, nor in person) that I talked to this past week disagreed with my diagnosis; most agreed enthusiastically. But then everybody tends to turn around and has great fun adding more overlapping versions of protocols to the pile. Somebody go figure, because I don’t get it. How do we accomplish our vision of portable internet identity if we add more incompatibilities and never remove any?

So where does this leave us? Twelve steps forward and eleven back, taking two detours in the middle. Or something like that. The movement goes on. Thrashing, like a soap opera, as Phil says. There’s a pony in there somewhere waiting to come out, as John Panzer commented. Well, that pony better be patient.

Ehm, I mean the Open Stack, sorry about that, a slip of the tongue here. The community has been working together hand in hand to define these exciting new standards, singing kumbaya all the time, how can you not have implemented them and look your manager into the eye?

So let’s get started right away. You need to implement OpenID for login, with NASCAR buttons so it’s easy for your users, not too many, not too few, and yes, a text field for those other identity providers, with of course a non-Javascript fallback, and information card detection in case somebody runs Vista or is an AAA member, and OAuth, well, there are several incompatible versions just like with OpenID and of course you have to support 2, 3, and I don’t quite remember how many more legs, which should of course do the hybrid with OpenID, rooted in cutting-edge discovery in all the needed ways: just three ways from Yadis, two from OpenID, some new well-known locations with LRDD and sometimes you have to check with Google directly, of course you have to be prepared to accept URLs, e-mail addresses, PPIDs and unreadable URLs as identifiers, claimed and proven, I’m sure your website folks figure out how to map them to their databases in no more than a few weeks, then you automagically (imagine!) get your user’s first and last name and e-mail address via SREG or AX (but there might be incompatible schemas) or Portable Contacts or Microformats, yeah, no provider supports all of those and many don’t support any but that’s just an implementation detail, and boy all the great info you will get via xAuth any time soon now and then you can publish activity streams and you even will make the Salmon run upstream! It’ll be SO GREAT!!

If I knew how to draw cartoons, I’d have a field day here.

No wonder Facebook is winning with a proprietary stack.

As we go into IIW next week, guys, it’s time to get real. It’s either we cut 80%+ off this pile, and make the remainder actually work, or give up. I just hope there won’t be proposals for more protocols next week. What about we all propose which 90% of our favorite pet projects we are willing to kill? The alternative, I’m afraid, is the way UNIX has been going in the face of first NT, and then Linux. “Open” means nothing if it’s just a pile.

P.S. Thanks to Kaliya for encouraging me to get this off my chest and annoy some people if it has to be that way.

Titled, “It’s Not Your Relationship To Manage”, it has plenty of quotes from Doc Searls and the VRM community. Not a hint of critizism that I can spot in a CRM magazine?

VRM has come a long way. Congrats Doc!

Well, it’s the kind of conference in which you skip sitting in the audience falling asleep because the speakers drone on or the panelists are just trying to get you to buy their products. It’s the kind of conference where people speak about what you want them to speak about because you make them to! In other words, a conference that is actually worth attending in person to instead of just watching and fast-forwarding presentations on YouTube.

In a couple of weeks, what looks like the first true unconference on NoSQL and Big Data is going to take place:

I’m planning to be there. I hope to discuss with other attendees things such as:

• key-value stores, document databases, graph databases, column stores etc. are all NoSQL databases. When and why would I choose one vs. another?
• is there a future for NoSQL in the enterprise? Which vendors? What business models?
• what are the requirements for data architectures in the cloud?
• what can we do to drive business adoption of Big Data technologies?
• how does Big Data relate to user-centric data and user-centric web applications?

I’ll bring a few slides on graph databases (such as InfoGrid), too, in case anybody would like me to talk about that. Most of the time I hope to spend discussing and learning and jointly exploring, however, as it usually happens at unconferences.

It will be moderated by good friend Kaliya Hamlin, who has a knack for making unconferences work. (I know, I have gone to all 10 of her very successful Internet Identity Workshops so far.) I’m looking forward to it. She tells me that a leaders and committers of a number of successful NoSQL open-source projects are already registered, so if you ever wanted to corner them for longer than just a few minutes in Q&A, this might be your chance!

See you there!

NoSQL databases are a perfect disruptive technology in Clayton Christensen’s Innovator’s Dilemma model
…
I’m predicting that the relational database is going to die.

Read more.

I still think it is <<insert strong adjective here>> that none of the major content companies other than Google have in any way supported Google’s stand here. At the very least, they could publicly say that they admire Google’s point of view. It costs them nothing, and does have an impact as we can see from some of the rather angry official Chinese utterances on Google’s stance lately.

In an act of desparation, I tried the exact same command with the exact same client certificate on Linux, and it worked.

So I downloaded MacPorts, built curl from there on OSX, and it works. No idea what happened, Google is of no help. I’m mostly posting this that others with my problem can find it.