Posts tagged Identity
With Google’s Knowledge Graph, Wikipedia’s Wikidata and Wolfram|Alpha’s database (that supports Siri), the efforts to make the world understandable to machines are making information on entities and everything about them instantaneously available.
View full post on Search Engine Watch – Latest
When they were introduced, Chromebooks made sense as a Google-branded evolution of the netbook for the tablet shy. But in 2013, consumers still don’t understand why there are so many versions of Android - much less what Google’s Chrome OS is or who it’s for. With the Chromebook Pixel, Google’s cloud-happy notebooks have created a full-on identity crisis.
Chromebooks Are Already Confusing
Following a leaked video and a typically detail-sparse report from The Wall Street Journal, Google has launched the Chromebook Pixel, an HD touchscreen notebook that will run on its Chrome operating system and retail starting at $1,299. The Pixel, with its high price and Google-built bare bones operating system is an odd bird. With a 239-pixels-per-inch display, the aptly-named Pixel one-ups Apple’s 13″ Retina MacBook Pro and its (paltry!) 227 PPI seemingly just for the hell of it.
Oh, and it’s a touchscreen, too, meaning you can smear your fingerprints all over that beautiful display.
The touchscreen means that beyond “taking on” the Retina MacBooks, Google’s Chromebook Pixel will also compete directly against Microsoft’s over-hyped, overpriced Surface tablets. But for all the buzz around hybrid devices that blur the line between notebooks and tablets (Lenovo Yoga, anyone?), consumers don’t seem to have the same hunger for them that they have for “pure” tablets.
The advent of the touchscreen notebook was a weird side effect from 2010-era iPad panic – there’s no evidence that consumers even want a device that combines the power of a laptop with the finger-friendliness of a tablet. And if there was, a pricey notebook with a kajillion pixels running on the hamstrung Chrome OS probably wouldn’t be it.
Missing The (Price) Point
Want a powerful notebook with a (pretty) nice screen for around $1,200? Buy the $1,199 13″ MacBook Air. Want to spend a little less for a slightly weirder device, or hung up on Windows 8 for some reason? Buy a Surface Pro. Drunk? Buy an Ultrabook!
Google has gained market share in recent times by offering well-built, affordable alternatives. Android tablets like the Nexus 7 and even existing entry-level Chromebooks can chip away at the competition because Google can afford to undercut the its competitors on price – the most important spec of all. The Chromebook Pixel seems to have forgotten that lesson.
At $249 and $199, the existing Chromebook line is a smartly priced alternative for users heavily invested in Google’s cloud ecosystem. Starting at $1,299, Google’s touchscreen Chromebook Pixel can only hope to attract inebriated would-be power users who wandered into the wrong aisle of Best Buy.
On the Venn Diagram of people who need a serious computer and people willing to put up with the limitations of the Chrome OS, that little center slice is altogether empty.
Photo by Mark Hachman.
View full post on ReadWrite
Sneak peeks into the soon to be released book, “The New Digital Age”, by Google executive chairman Eric Schmidt, confirm what many industry writers have been passionately clattering away about for months now. Google+ is an identity verification network. As the network continues to grow, content associated with a verified identity will rise to the top [...]
The post Eric Schmidt Confirms Identity Verification Impacts Google Rankings appeared first on Search Engine Journal.
View full post on Search Engine Journal
Last week’s news that China is planning to restrict the use of true anonymity for its Internet denizens sent collective shudders throughout the human rights community – and may have piqued the interest of Western corporations seeing a huge sales and marketing opportunity.
No one with any sort of soul could have been happy about the news on Friday that the Chinese government would be requiring Internet users to provide their real names to Internet service providers, apparently the latest in another round of crack-downs to push down pesky opinions against a government that continues to crack down on citizens.
Open Is Hard
China is something that I continue to watch with interest. Having watched the zenith and the fall of the old Soviet Union, I have the layman’s sense that China is holding on hard because they know full well what happens when restrictions are eased. The Soviet experiment in glasnost made that abundantly clear.
Thirty years after the glasnost policies helped widen the cracks in the Soviet political foundation, China is facing a similar problem. It wants to lock down control of its citizens, but it desperately wants to be a player on the global stage. The problem is, the economy of the world is increasingly dependent on technology and the Internet, something that reeks of openness and transparency. There are differences, of course: the Soviet Union tried glasnost from within, and China is trying to deal with openness from without, but the end result may be the same.
Most China pundits also see this particular round of regulations as a short-term solution to the growing problem of exposed scandals within their government; scandals getting back to the Chinese public at-large through the Internet, who have in turn been commenting on the events with increased vigor. It is expected that requiring real names to be collected by Chinese ISPs, regardless of whether a pseudonym is used online, will put the kibosh on such commentary and more.
Who Else Could Benefit
While we get to watch China pull yet-another smack down on freedom of expression, the cynical side of me also has to wonder is outside corporations might not see these newly strengthened policies as an opportunity. When I first read the news coming across the wire last week, my very first thought was that China’s announcement sounded just like Google Plus’ identity policies.
I’m not sure Google would appreciate their identity policy being equated with China’s, but if you sign up for Google Plus or other Google services, somewhere along the line you’re going to have to tell them your true identity – or take great lengths to fake Google out. We can argue the merits of this, but for now if you want to swim in Google’s pool, this is the price of admission. We’re told it’s to keep things civil, but knowing the Internet habits of one Brian Proffitt and what he might like to buy could be worth a lot of money, too.
Looking at the policies for Google, Facebook and other social platforms where identity is the real currency to be sold to advertisers and marketers, how could any such vendor be able to resist an entire nation of identified Internet users? The opportunities would be huge.
To its apparent credit, the Chinese government seems to have already anticipated this issue. When the new rules were announced, strong admonishments were issued for any Internet service provider that might care to start selling this valuable information.
Given its value, one wonders how long this professed practice of protecting Chinese identities will last. It should not surprise anyone to see new policies in the future where China will partner with “friendly” multinationals to allow the sale and trade of identity information for marketing and advertising. It’ll either be the Chinese government alone, or a revenue-share plan with the private ISPs to make the deal work for both sides, but it’s bound to happen. Corporations have no souls, after all.
History has shown that the Chinese government is no less interested in generating revenue than any other political entity, and if such revenue generation were to come at the expense of monetizing its citizens’ identities, well, what are they going to do? Complain?
Image courtesy of Shutterstock.
View full post on ReadWrite
The NSTIC (National Strategies for Trusted Identities in Cyberspace) the online Identity verification program is no longer a theoretical probability, the NSTIC is here and in go mode, thanks in part to Google. So now what?
View full post on Search Engine Watch – Latest
Passbook’s flexibility, combined with its on-deck positioning in iOS, will make it a powerful tool for users to organize all of their coupons, gift cards and loyalty cards. As such, it will help these products get over the hump of mobile adoption.
View full post on Search Engine Watch – Latest
It’s a fundamental law of tech business: Grow or die. Few online companies are better examples of that maxim than Amazon, which has made a habit of venturing boldly into new markets. But the online retailer’s recent initiatives have brought challenges, including eroding profit margins and entry into markets where it lacks leadership. Has Amazon’s incessant growth become a liability?
For years, Amazon was known as, first, the premier online bookseller and eventually a realiable, low-cost and easy place to buy everything from MP3s to electronics to groceries. The company expanded in a careful, considered way that led to years of slow, steady growth.
Even as Amazon dominated those early markets, it moved into new areas. At first, these expansions met with similar success. The company began offering startups access to its formidable tech infrastructure through Amazon Web Services, a business that contributed $1.1 billion to revenue in the first six months of this year.
The company moved into hardware with the Kindle ereader. It introduced the device just as smartphones and tablets were gaining popularity. But Kindles sold well, driving sales of Amazon’s Kindle books as well.
The past year or so has seen Amazon expand into even more markets, putting it face-to-face with entrenched competitors. It began offering streaming video to its Prime subscribers, taking on Netflix and Hulu. It introduced the Kindle Fire tablet, jumping into a cuthroat market dominated by Apple’s iPad and populated with myriad Android tablet makers. In recent months, it has started offering social games through its recently launched Amazon Game Studios. It’s looking into producing TV shows. It’s setting up storage lockers in 7-Eleven stores to speed deliveries. It may be pushing into mobile advertising to help cover the costs of making Kindles. Most audacious, it seems ready to introduce its own smartphone.
Amazon typically doesn’t expand haphazardly. Even when it moves in an unexpected direction, the action is usually related to technology it has already developed. Amazon Web Services opened computing and storage capacity to the public that Amazon had built for its own use. The Kindle was the low-cost platform Amazon created to take advantage of its ebooks.
But to position the Kindle Fire as a low-end tablet, priced at $199, Amazon had to eat a lot of the manufacturing costs. That helped push its operating margins down to 0.8 percent last quarter, from 2 percent a year earlier.
Indeed, analysts are bracing for Amazon’s first net loss in over nine years. What’s more, the early surge in Kindle Fire sales is slowing significantly this year. And it may taper further now that Google’s Nexus 7, starting at $199, is gaining in popularity. Revenue growth slowed to 29% in the second quarter, compared with 51% a year earlier. And Amazon is bracing for the inauguration of online sales taxes in many states.
Yet, Amazon is expanding aggressively in the face of these challenges. Capital spending rose 70% from the first quarter, mostly a result of building infrastructure to support Amazon Web Services.
As Amazon expands, it also faces challenges that are less financially measurable but still important. For most of its 17 years, it has led markets that it sometimes created. But the markets it’s pushing into now – streaming video, cloud computing, tablets, games – are established. Here, Amazon’s relentless focus on cost gives it an advantage, but probably not the decisive clout that it enjoys in online retail. Some segments of its business, notably smartphones and tablets, are littered with well-designed and well-financed products that couldn’t compete with leaders like Apple.
If Amazon comes to be perceived as an also-ran in many markets, its brand could be affected. The company once known as the world’s premier online retailer could become a tech company with its fingers in too many pots. Tech companies that set agendas, like Facebook and Google, have clear missions and identities.
Amazon once had a clear identity. But the more it grows, the more it’s starting to look like its mission is just that: to expand where it can.
View full post on ReadWriteWeb
There’s one big problem with the growing number of cloud-based applications and platform services, and it’s growing faster than its prospective solutions: They typically handle authentication for their users by themselves. And when they do enable OAuth or another method to share authentication duties between services and sites, their implementations are sometimes cumbersome, and too often users don’t even notice the option.
Ideally, you should only have to log in once: when you begin your session with your PC, tablet or smartphone. The single sign-on (SSO) ideal is not just about user convenience. Implemented correctly, it could prevent a user’s session from being remotely hijacked by a malicious user. Microsoft will be assembling the tools for services to enable some kind of SSO with its upcoming Windows 8. But the viability of those tools will depend not only upon, once again, how well services implement them, but also whether users will trust Facebook, Yahoo, or Microsoft itself to vouch for their identities. Today, there are a multitude of alternative architectures put forth by services opting to be your one source for identity, and ReadWriteWeb has chosen to spotlight three of them.
Radiant Logic RadiantOne
My friend and colleague David Strom introduced you to Radiant Logic last July. As you may recall, it offers what it describes as “identity-as-a-service,” and its customers are enterprises looking to federate their employees’ identity across multiple applications, both in the cloud and on-premise.
The “as-a-service” phrase is a surprising choice of words from a company that came to be known, and still is known, for providing on-premise identity management tools. How does Radiant Logic manage to provide a service it depicts as inside the firewall, from a cloud-based location that’s most definitively outside?
“It’s a tough thing to do, but if you look at most enterprises today, they have 80%, 90% of their infrastructure inside the firewall, on-premise,” responds Dieter Schuller, the company’s VP for business development. “You can’t just flip a switch and move everything off-site into the cloud and still have what you have running today.”
Michel Prompt, Radiant Logic’s CEO, demonstrates for us his company’s concept of virtualized identity – providing each enterprise application, both in and outside the cloud, with a token in the format it expects and accepts. His example depicts four classes of prominent Web applications, all of which handle authentication internally, and all of which manage identity criteria for themselves. On paper, they all support some form of identity federation, but in the end they each expect your identity to be “consumable” in a different format, often with varying degrees of content. The challenge for any federation service, Prompt explains, becomes keeping up with the ability to translate identity into the formats all these apps expect, as your business’s apps repertoire grows and more identity formats are added to the mix.
The second challenge, Prompt continues, is for the federation service to maintain links between all the different formats, and tie those links to maybe more than one directory service. Microsoft utilizes Active Directory (AD) for Windows, and all of Windows Server’s per-user policies regarding permissions and restrictions are tied to each user’s AD entry, as well as her Windows password. Oracle Directory Services and Google Apps Directory add their own variations on the theme, even though all are (on paper) implementations of LDAP.
So Radiant Logic’s RadiantOne platform, while marketed “as a service,” is actually implemented as an “identity hub” whose communication with both cloud apps and on-premise apps takes place with a traditional service (by the Windows Server definition), one that truly does reside on-premise. And while RL gets your attention by marketing its identity service with the hyphens still attached, the actual job of servicing takes place between its virtual directory service component VDS and the applications, wherever they reside. VDS presents a picture of AD to whatever identity system knows how to translate its preferred format for AD.
It’s still a federation service, maintains Prompt, because it performs the functions that any other federation service provides. But it does not have to be “architected” by the IT department; it provides this service dynamically. He admits that his company is moving away from the “as-a-service” distinction for RadiantOne’s on-premise hub, in favor of the phrase “federation identity service for the cloud.” But it’s not purchasable as a service, or on a subscription basis. Today, he says, it’s not practical to place the hub outside the firewall because of all the synchronization that’s involved in maintaining identity (the clock is indeed one factor), “and it could even be quite dangerous. It’s not that we don’t like the idea of hosting it on the cloud.” Reality, he says, mandates that the hub be deployed internally.
Because the exchange process is encrypted, OneID CEO Steve Kirsch explains to us, the repository itself doesn’t actually have access to its own contents. So unlike some certain social networks or search engines, OneID itself has no intentions to leverage users’ identities as a database unto itself. But the decryption process takes place on the client side.
“When I need to get an attribute and give it to a site, I go get the encrypted stuff from the repository, I decrypt it here, and then I send it to the site,” explains Kirsch. “So the site never interacts directly with my repository. The site’s always interacting with me, and I’m always interacting with my repository. That’s why it’s called user-centric, because I’m always in the middle of any transaction.”
One of the compelling aspects of OneID’s take on identity is that it applies to people. You’d think that would be obvious, but in practice, typical identity federation associates passwords with users’ accounts. Although in Windows, accounts are portable across computers, there’s still a concept of a “desktop,” a virtual device, associated with each user. By contrast, OneID assumes accounts are associated with people. So attributes stored in the repository that may be used to automatically fill in forms (which OneID calls AccuFill), are associated with people who may logically be associated with more than one device at a time. That makes sense in the real world, where people have PCs, tablets and smartphones, and where new classes of apps are transferrable between them.
One upshot of this architecture, Kirsch shows us, is that it enables a cross-device audit trail – a way for anyone, from anywhere, to see who has logged in as him from which device. Kirsch demonstrated for us a situation where a user can remotely disassociate a device that has been utilized to log onto services with OneID. Alternately, a device can be remotely registered into OneID by way of a pairing process that resembles logging in a Bluetooth device. This way, only permitted devices may be allowed to log in as particular people.
Ping Identity PingOne
We’ve covered PingFederate, Ping Identity’s federation system, previously in ReadWriteWeb. Since then, the company has inaugurated its new cloud-based identity platform, PingOne, which may or may not be federation by the traditional definition.
PingOne is a cloud-based implementation of the company’s adaptive federation scheme, and it challenges the notion put forth earlier that the component that communicates identity must exist inside the firewall. The new service truly is a service by the new, cloud-oriented standard – literally a RESTful API. Enterprises that already utilize a SAML security infrastructure can simply assert their existing identities to PingOne; otherwise, as Jonathan Buckley, Ping’s VP for on-demand business, tells us, Ping provides alternate tools through which existing apps are effectively rerouted to PingOne for identity.
“You don’t even need hardware, software – you don’t even need to know what SAML stands for,” says Buckley. “However you connect to it, PingOne multiplexes that assertion such that you can connect once and be able to reach many customers or applications. This is where the cost and complexity of federation held back standards-based federation from penetrating meaningfully into the mid-market in the past couple of years.”
While very large organizations have already supported the SAML standard, and continue to, Buckley says that in cases where 100 or more connections are made simultaneously, on-premise federation can be too tasking. “In the end, we found our biggest customers said, ‘I would like to make these ten directly, but is there a way I can get out of doing the one-to-one-to-one-to-one networking for all these departmental applications, or for my customer applications?’ And that’s where PingOne comes in.
The upshot of this new scheme is a feature called CloudDesktop, which effectively extends identities for multiple popular cloud apps onto a control panel that can be accessed from iPads. Here, the desktop provides the single sign-on system. But as Ping’s director of product management, Sateesh Narahari, tells us, it’s up to the administrator to enable each user’s paths to enterprise apps, putting IT back in control.
“The way PingOne solves the problem of one-to-one connections is through multiplexing by using SAML,” says Narahari. “The task of multiplexing and managing connections is something that the administrator does.” When the admin does set up connections to 100 different SaaS vendors, each one requests a different set of attributes. The admin can use the PingOne console, he explains, to define each attribute set. The end result is “an easily consumable cloud desktop that’s built for the cloud generation,” that the admin can designate for specific employees. “End users do not need to know that those connections are multiplexed connections.”
“With PingOne,” remarks Buckley, “we said, ‘How is it that we can drive towards a sort of Fisher-Price simplicity?’ In IT, everybody attempts that… But with our 49 beta customers, it seems that we’ve dramatically driven down the time to implement and the sophistication required to grok what is going on and then implement it for the company. You can stick with standards, stick with best practices, and leverage technology to make things simpler, versus putting time into developing a password vaulting solution – which we’ve always been tempted to do, because sometimes things are hard. And then we found a way to have… better security, better convenience, without so much of the hassle for that mid-market company.”
View full post on ReadWriteWeb