Going Places. Destination Yet Unknown.
Blue Ocean and Avoiding the Glass Ceiling
I often get asked, "aren't you worried the big guys (IBM, Oracle, Sun etc.) will just come in and crush you?"
I've thought a lot about this question over the years, and my answer has evolved over time, as I've had a chance to observe how larger companies deal with emerging markets.
My current insight is that rapidly evolving spaces, ones rich with room for innovation, offer a fair amount of blue ocean for start-ups to expand into before larger companies are able to mechanize their formula for steam-rolling a particular sector.
I'm not saying big companies don't innovate, many do, but it appears quite a bit harder to do than within a small company, and many simply don't do it poorly.
I call this the glass ceiling phenomenon. When the headroom of innovation ceases to exist (the use-cases are all accommodated, and the game turns to pure distribution), you can set your watch by the amount of time a newbie has to make hay. I don't see that glass ceiling approaching in Internet-scale identity any time soon (at least 3 to 4 years). In fact, I believe we've barely gotten started. Internet SSO is just the first of many complex problems that enterprises will need to solve as they effectively weave themselves into a fabric of inter-connectedness across the Internet. We've got a long ways to go before we have the federated identity life cycle (and all that this entails) figured out. Not just at the B2B level, but at the B2C level as well. We've got federated user provisioning, federated web services, federated authorization and role management, enterprise / web / desktop mash-ups, federated networks, federated risk management, compliance, audit, monitoring to figure out, and the list goes on and on.
Small, focused, innovative companies like Ping thrive in these rapidly evolving environments. Environments where the increasing rate of change is the only constant and customers are willing to pay a respectable amount to have their emerging network-based problems solved in a timely manner.
As I've instructed my crew, we're in a marathon, not a sprint. While we need to be cognizant of our market stagnating, I don't think it's going to hit us for some time.
The big don't eat the small, the fast eat the slow.
NEW: SignOn.com now supports SAML & Google Apps

Our gurus of advanced identity work and labs, Ashish Jain and David Waite, just completed a new release of SignOn.com. This time, they added PingFederate to the mix, which in turn adds SAML single sign-on to SignOn.com's capabilities. Specifically, the integration allows users of SignOn.com to SSO into Google Apps. Details are here.
It's really fun to see the whole identity mash-up in action. Even if the use-cases are narrow and limited at this stage, you can see the islands being stitched together.
Scrappy Ping
Woke up this morning to a Google Alert of Sun taunting Ping -- again. I'm not exactly sure what the challenge is this time. We don't employ any flash animators, and we're pretty busy federating people.
But I have to admit, I really like being called 'scrappy'.
"product doesn't matter"
I sat on a federation vendor panel in Munich a few weeks back, and following my comments to the audience about Ping's focus on building simple products that speed time-to-connect with partners, one gentleman who represented one of the suite vendors actually said,
"... I don't think product or 3 days or 5 days to production really matter to customers..."
I'm not exaggerating, he actually said that! Of course, our 215 customers and counting beg to differ.
SSO Summit Agenda & Discussions
We've finalized a great list of speakers and case studies for this year's SSO Summit, taking place in Keystone CO on July and 25th. Case studies on everything from ESSO to Federated SSO will be presented by the likes of General Motors, Chrysler, Deloitte, Rearden Commerce, Prudential Insurance, Wyeth and 3M. In 30 minutes, each case study will cover project scope, business drivers, problems addressed, hurdles surmounted, what worked and didn't, and lessons learned.
While the perspectives and case studies will no doubt be very good, I'm really looking forward to the open discussions, where we'll tackle:
- Single Sign-On, Reduced Sign-On, Simplified Sign-On, Zero Sign-On – which is right for you?
- Describing the business value of your SSO initiatives to the CIO
- What’s next for Web Access Management SSO?
- Kerberos everywhere – true statement?
- What’s the ‘holy grail’ for Enterprise SSO – we‘ve been trying for 20 years!
- SSO for Web services?
- Single Sign-On’s role in Governance, Risk and Compliance (GRC)
- PKI or Federation -- which is right for me?
- SSO for non-browser clients – PDAs, RIAs, Phones
- Leveraging NAC Authentication for Single Sign-On to Apps
- Where do OpenID and InfoCards fit?
- SSO for partners and customers – why bother?
- Enterprise 2.0 and the Web 2.0 mash-up – how do we do SSO for these?
- What is OAuth and where does it fit into your web services SSO initiatives?
- The role of claims and the security token server in web services SSO
Munich
I just returned from the 2nd European Identity Conference in Munich. I came away very impressed not just with the quantity, but innovation going on in the field of federation. It's as if the cultural diversity in Europe is driving a lot of innovation in the space, which I think will be healthy for the industry overall. Munich is a beautiful city, so I was sure to bring my camera with me this time, but unfortunately the weather didn't cooperate. I did however get a few interesting photos worth sharing. The first nearly escaped me. It was located down a dark narrow passageway some 30 feet from a side street. I was lucky to see it.
 "Piss-Off"
A gentleman came by the Ping booth at Software 2008 and asked Andrea how long it took to make a federated connection. He was with a large insurance company that had 40 people dedicated to a federation project with 40 connections to make. He said they had been working on it on and off for years. When Andrea responded, "...less than 30 days", he replied, "...piss-off! You're kidding right? They lied to me!". We got a good laugh out of it and a new prospect.
Yea, we do it in less than 30 days all the time. Try us.
Software's Half-Life
I was speaking with a high ranking individual at one of the platform vendors yesterday and the conversation diverged into a series of rather targeted questions aimed (I believe), at discerning whether or not Ping appreciated the dynamics (and possible tension) between any ISV in relation to their platform vendor.
Without being quite this direct, the questioning essentially got to, "...are you smart enough to recognize you need to continually move up the stack in order to stay out from under our steam roller."

Any software entrepreneur who's been around for a while quickly realizes that you can never rest. We're all on a rat wheel, and you've got to keep your legs moving. The value of software has a half-life. The second you ship a feature, the commercial value begins to decay. In 18 months, it might be worth half and in 36 months, it's completely commoditized.
The key to survival then is to understand where you are in the stack and the speed with which the pieces underneath you will undermine your value. One of the undocumented benefits / features of Software delivered as a Service is that it bypasses some of the erosion effects I'm describing here. That is, until someone figures out how to deliver not only free and open software, but free and open services. Oh yea, that's Google.
Warren Buffett

I’ve read about, but never anything directly from Warren Buffett. After reading this year's shareholder letter however, it’s no wonder he runs one of America’s most admired companies, is the world’s richest man (again), and so admired as a human. He represents everything worth aspiring to in a business leader with integrity and humility. I’m in awe of this person.
Ping Identity Acquires Sxip Access SaaS Business from Sxip Identity
In the past year, I've come to appreciate something many CEOs at one point learn in their careers. And that is, there are stages in the growth of a business which, though not exciting, are in fact indicative of growing viability and maturity. The stimulation so abundant by default with a startup simply gives way over time to a different sort of reward, that of doing something really well, repeatedly, and satisfying the needs of your customers, one customer at a time. Building a real business requires that you never tire of simply listening to customers and committing to their support after the initial sale. This stage entails a lot of patience and endurance.
Every once in a while however, an opportunity comes along that allows you to really accelerate your business. In the six years that I've dedicated myself to Ping Identity, I've only seen a few of these opportunities, but none so aligned with what we were trying to achieve here at Ping Identity as today's announcement.
So it's with great pleasure that we announce the acquisition of the Sxip Access business from Sxip Identity. The Sxip Access business consists of the single sign-on, provisioning and de-provisioning software, appliance and hosted services of Sxip Identity, which serve enterprises using software-as-a-service applications. The acquisition will strengthen our relationship with existing Sxip Access partners such as salesforce.com and Google, and will accelerate our commitment to enabling secure SSO to SaaS providers, an area we believe enterprises increasingly will value as they extend their identity and security infrastructures to encompass these new services.
I've known Dick Hardt, the founder and CEO of Sxip Identity, for several years now, and have a tremendous amount of respect for his intelligence, fortitude and contributions to the education and protocol development of the identity industry. He has single-handedly educated the universe of people beyond the identity ecosphere with his world-class presentation on Identity 2.0, something I feel Ping Identity and many others in this industry should be very thankful for.
As part of the acquisition, we will take over the existing customer relationships and support contracts of Sxip Access users, and will work with these businesses, and our existing PingFederate customers, to understand how the new Sxip Access software, appliance and hosted technology can help solve a growing portion of their immediate and future problems.
Also worth mentioning is that while the opportunity to acquire both customers and technology was certainly attractive, none of these would have been of value to us without the opportunity to work with the talented people behind the technology, sales and support. The opportunity to hire and work with these individuals is highly valued, and our new team members will no doubt help us manage and grow the business in the coming months.
Read full press release...
Costa Rica
I just returned from a family trip to Costa Rica. It's the first time since an adult that I've vacationed with my parents, but it was my second time to Costa Rica, which is definitely one of my favorite places on earth. The country is clean, the people friendly and the land, farms and animals are a throw back in time. Below are a few of some of the newly created memories. If you care to see more, I've posted them here.

Single Sign-On Summit Launched

In cooperation with our sponsors (Covisint, Passlogix & Sun Microsystems), Ping Identity today launched the Single Sign-On Summit, a new industry event dedicated to single sign-on. The event will take place in Keystone Colorado in July. We're really excited about this event, because for the first time, we're going to have enough time to go deep into all things single sign-on, the most widely deployed use-case of Identity Management. For complete details, visit the website.
We're not just smart, we're buff too!
Sun threw down the gauntlet the other day with a pretty funny video describing the epic battle between our companies.
The new Macs we bought for engineering came in handy in preparing a response. Let the games begin!
View the Epic Battle!
Sun discovers Ping's Foo
We may be small (by comparison), but we've got game. Our magic's just warming up.
http://www.youtube.com/watch?v=LN8-YZhmLv4
Find your foo
The other day I was talking with Quinn, a friend, about talent and passion. His observations and insights reflected something I've been thinking about for a few weeks, and it prompted me to share.
All of us have some unique talent, our special foo. Not all of us find it. Some of us find it, but don't exploit it (what a pity). For those that find it, and get the opportunity to exercise it in their daily lives, here's something to think about.
Stop listening to others - you're averaging yourself to the mean! It's not that input is bad, in fact, it's statistically been proven that seeking expert input in decisions where you don't know the answer will significantly improve your outcomes. The key to this sentence is, "...where you don't know the answer." There's a piece to every decision and every outcome which has the opportunity to be truly unique, special, in a way that only you can contribute to, and following your talent and passion can get you there.

When you take too much input, in an area where you are uniquely qualified to make an atypical decision, whatever magic you might have brought to the table will inevitably be muted, averaged, some of the specialness stripped out. Most of the truly unique things that people accomplish are done with singular clarity (group triumphs and epiphanies exist too by the way, we're not talking about those here). Not everyone may like what you choose to do, so what. Some people will love it!
I call this phenomenon being 'averaged to the mean'. If you want a run of the mill outcome, where risk has been statistically driven out of your formula, go ahead, ask others their opinion, average those opinions into your thinking, and average yourself and your decision to the mean. But if you want to be extraordinary, and have an extraordinary outcome, find that intersection where your talent, passion and ability to decide uniquely intersect, and then hold your ground! Great leaders will recognize talent, and they will encourage and reward you for making a stand. Following your passion is the road less traveled. It won't necessarily lead to fame and riches, but it might lead you to happiness. If you play it right, I'll bet it will lead you to fame and riches too, and it will most certainly lead you to happiness.
As a side note, I believe the trick to all of this is maneuvering yourself into a place where your talent, passion and ability to make decisions all intersect. You may or may not be in that place today. If you're not, then following this advice blatantly could have an undesirable outcome. It's possible that you actually have no foo (life's not fair, some people are tall, small smart, some beautiful, some born rich). But I doubt it, I actually believe that everyone has some special foo, whether or not it's marketable, or people value it, is another question. It's possible that you are not in a position to exert your special foo within the organization, or it's possible your boss is simply a moron and doesn't recognize your talent. Whatever the reasons, identify where you're off, and build a plan to move yourself into the sweet zone, the intersection where your foo (as also recognized by others), your passion, and your ability to exert influence all intersect.
As a person in a position to assist, my mission is to help people find their foo, and then move them into a role that allows them to exert it, that's easier said than done, but it's what I strive to do.
PingFederate 5.0 with Auto-Connect Released

Ping Identity today released the largest and most significant upgrade to PingFederate in our history. PingFederate 5.0 with Auto-Connect eliminates the need for manual configuration of SAML connections when establishing secure Internet Single Sign-On. The new version of PingFederate also has advanced clustering and data-center features, making it really scalable, yet really fast to deploy. But don't take my word for it. Download it today, check it out, scan the manuals and judge for yourself.
Steve "mess with the bull you get the horns" Adams

My history with Steve goes back nearly 9 years now. He was founder/CEO of Webb Interactive (parent of Jabber, Inc.), which acquired my first company Durand Communications back in March of 1998. I married his assistant, Kim Gunning, and Steve is now the godparent of our first born, Parker.
Our families are close, and our daughters consider Keenan (Steve's son) their brother. We have a tradition that when it blizzards in Denver, we jump in the car and head to Steve's house, to camp out and play Xbox, Rock Band and basically screw around with our many and varied hobbies.
Steve is a tremendous entrepreneur, a world-class chef, a serious fly fisherman and pretty much goes full bore into any hobby he chooses to pursue.
I caught this picture of Steve while visiting this weekend. He's got a pretty intimidating stare, which I think I captured.
Oh yea, and how serious can he really be, sitting there with his little plastic Rock Band guitar?

Shibbmaster Nate was in the house
Shibbmaster Nate Klingenstein was in the house today, training Ping engineers on how to install and support Shibb. Paparazzi Dre was in the house too, and able to catch this picture of the master at work.

Mendonca
I met an amazing boy and his father on my recent trip to Buzios, Brazil. It was during a day cruise aboard a party boat, and he was the cousin of one of the gentlemen staying at our house. I am not sure of what he suffered, but the sheer bravery of the boy, and love of the father was really moving. The pair reminded me of the father / son relationship between Team Hoyt. Anyways, I just happened to catch some cool photos of this boy as he jumped off the boat and was carried up the ladder by his father, and later carried home by a helper for the family. Likely the most amazing photo I took the entire day was of him sitting at the back of the boat, at the end of the day as the sunset hit his face.
I'm in love with photography
I've found a new passion in photography. The bonus is my wife's happy with the new hobby too, a double win in my book.
I aggregated some of the more interesting shots here. Seeing these photos allows me to relive the memories, bringing a real smile to my face.

http://gallery.mac.com/andredurand#100115
View from 29
I've been playing with a new camera and took these photos from my office. The first two photos were taken this morning, and the later ones in the afternoon and at sunset.
Looking slightly Southwest from downtown Denver

Looking Northwest from downtown Denver

Sunset over the Rockies

The building next to ours

Home MacTopia
I've reached a sort of nirvana at home with my whole computer situation. Having bought a 24" iMac a few months back, I was really struggling with how to replicate my Outlook productivity to the corporate Exchange server. Entourage simply choked on the size of my email in-box, and separate mail, calendar and contacts just doesn't cut it once you've become accustomed to the integrated workflow of Outlook.
So the other day my IT group created a Windows XP VM with VMWare Fusion. I took the CD home and within a few clicks, had a Windows desktop running on the iMac. I'm blown away at how well it works, how fast it works, and the fact that it worked without a hitch.
Keeping two monitors on my desk, but chucking my old tower, I have this insanely clean setup, and literally the best of both worlds, the iMac for all my home media and Windows for many of my work productivity apps (and any other Windows app I want to be running).
The other day, I accidentally discovered I could literally drag files between the two OS desktops, and the files converted on the fly to the required formats. Unreal!
Add in AppleTV, and my favorite family photos (with accompanied sound tracks) are now wireless streaming to the plasma in the living room. Rhapsody and a wireless cable from the iMac to the whole house Bose system and 3 million songs and tons of playlists can be listened to in any room independently.
The whole thing is friggen cool.
Federation. Choose wisely...
A random comment yesterday in our monthly off-site conjured the following visual. Actually, the image was supposed to be of a young guy and an old bearded guy, representative of what you'll look like if you pick a suite vendor to provide federation, but alas, I couldn't find the image.
I love Apple, but....
I love Apple, and I've bought a lot of Apple products recently, but the new Apple wireless keyboard is just stupid! It's fashion gone wild. What normal human can actually type on it?
It's smaller than my shoe.

It's smaller than my hands.

It needs a mic, so I could just dictate my email.

Or, better yet, perhaps it should just become the fashion accessory it really is.
Yo, what time is it?

PingIdentians Unite in PingTopia
A customer recently referred to us as Ping Identians. The shoe fits, so we'll wear it.
MacLand Smiles
A friend of mine and several former colleagues have been sharing their wisdom of Macs for developers for over two years now. I finally woke up, and about 6 months ago, started handing out MacBook Pros with 30" monitors to our staff.

It's a bit early to know if productivity is actually higher, but it's sure brought a lot of smiles, and that's worth a lot.

Smiles from Ashish Jain who won this month's Mac lottery.
40
...and I don't feel much different. Maybe I will at 9:49am.
Busy is good
In all my rush to "get big", sometimes I forget, it's the journey, not the destination.
Last week, all of our field engineers were at customer locations doing POC's. This morning, while chatting with one of our field engineers, I got this quote. It brought a smile.
"...we're so busy that it's reaching the point of insanity. It is great, a great time to be at Ping."
Dynamic Federation. A Game Changer?
Today's federation deployments, while secure, enterprise tested and gaining in momentum in B2B single sign-on scenarios, still lack one key networking characteristic. Namely, a network effect.
Every new SAML server which comes online today, unfortunately, is not instantly usable by other SAML installations. In fact, I'd go so far as to say that today, not only are we not achieving Metcalfe's law of network effects, I'm not sure if we're even achieving 1+1=2.
That's about to change.
We've been busy here at Ping innovating to take SAML further -- without changing the specification. We've added some conventions that when adhered to, effectively enable 'connectionless federation'. We're referring to it as dynamic federation, or auto-federation.
Depending on how you configure this new dynamic federation capability, it has the potential to significantly reduce the technical friction in federation by as much as 90%. In certain scenarios, such as enterprise use of SaaS, it holds the potential of completely eliminating the coordinated dance between business and IT folks that today must happen to make a SAML federation connection happen.
Stop the junk
As I mentioned earlier, ProQuo launched a few weeks ago to help people stop the junk mail. The service gets a new user every few minutes now. At its heart, ProQuo is a trusted identity agency with a big vision and humble beginnings. Disclosure: I'm on the board at ProQuo, which was an effort spun out of Ping Identity.
We won't rest!
Until the graph looks like this!

PingFederate - Front & Center
A recent Webinar titled "Picking the right Federation Product for the Job" by Mike Neuenschwander of Burton Group placed Ping at the center of the federation universe. It only took 5 years. :)
BarbieToken. Brilliant!
It's only a matter of time before identity tokens, like cell phones today, become a sort of fashion accessory. The company in pole position to make tokens hip is Apple of course. Imagine a new device, call it the iKey (with built in strong authentication, such as a thumb print scanner or something), looking much like a Nano, but used as a universal key to open everything in your life, virtual and physical. Leave it to Apple to make access cool, personalization hip and one-click purchasing via wireless a mainstream activity. To pull this off, Apple would have to aggregate a critical mass of relying party devices and online services. What's interesting is that Apple most likely has enough in their own universe of devices and online services to pull this off. Publish the APIs to hook the device and let the world go wild. Now that's interesting, and with enough muscle, quite achievable within 2 to 4 years.
====
Barbie Becomes an Authentication Device for Pre-Teen Friendship
By Kevin Poulsen
At last, a USB security token for girls!
Pre-teens in Mattel's free Barbie Girls virtual world can chat with their friends online using a feature called Secret B Chat. But as an ingenious (and presumably profitable) bulwark against internet scum, Mattel only lets girls chat with "Best Friends," defined as people they know in real life.
That relationship first has to be authenticated by way of the Barbie Girl, a $59.95 MP3 player that looks like a cross between a Bratz doll and a Cue Cat, and was recently rated one of the hottest new toys of the 2008 holiday season.
The idea is, Sally brings her Barbie Girl over to her friend Tiffany's house, and sets it in Tiffany's docking station -- which is plugged into a USB port on Tiffany's PC. Mattel's (Windows only) software apparently reads some sort of globally unique identifier embedded in Sally's Barbie Girl, and authenticates Sally as one of Tiffany's Best Friends.
Now when Sally gets home, the two can talk in Secret B Chat. (If Sally's parents can't afford the gadget, then she has no business calling herself Tiffany's best friend.)
It's sort of like an RSA token, but with cute fashion accessories and snap-on hair styles. THREAT LEVEL foresees a wave of Barbie Girl parties in the future, where tweens all meet and authenticate to each other -- like a PGP key signing party, but with cupcakes.
Without the device, girls can only chat over Barbie Girls' standard chat system, which limits them to a menu of greetings, questions and phrases pre-selected by Mattel for their wholesome quality.
In contrast, Secret B Chat lets girls chat with their keyboards -- just like a real chat room. But it limits the girl-talk to a white list of approved words. "If you happen to use a word that's not on our list (even if it's not a bad one), it will get blocked," the service cautioned girls at launch. "But don't worry -- we're always adding cool new words!"
Blown away
Yea I know, not very spooky, but Lunch just blew me away.
Snap Observation: MySpace & Facebook
Myspace = an artistic whiteboard for personal expression
Facebook = a utility for staying updated on what your friends are up to
For the first time, I think I'm starting to get 'social networking', and Facebook is much closer to a useful tool for me. I also find it curious how one of the best features of Facebook is really a derivative of 'presence', or an ability for people to project what they're doing and where they are.
Dyslexia
Apparently, as Steve Donovan tells me, dyslexia is indeed a treatable disease, which is a good thing, as we got spanked. I owe a lot of people steak dinners, and will be serving them up with my new Red Sox colors here very soon.

SAML SSO for Google Apps
Working with Google engineers over the past few days, one of our engineers today validated the use of PingFederate for establishing SAML single sign-on into Google Apps. Using our Integrated Windows Authentication (Windows IWA) integration kit, a user can log into Windows (to Active Directory), open their browser, and immediately gain secure SAML access to their Google email and other applications and documents. Below are the notes from the engineer who validated this interoperability.
======================
Configure an admin account for Googleapps. In the admin account, provide Google with the URL for its SSO service and upload your public key such that Google can verify your SAML responses. That's the only configuration necessary on the Googleapps account.
On the PingFederate side, create a new connection (in our test-case, we used the PingFederate IWA adapter) and define the entityID and ACS URL for Google.
Below are the steps that describe how this works:
- User makes a request to reach a Google host application. In this case I was trying to access a Gmail account I had, and the URL for that was http://mail.google.com/a/pingidentity.com.
- Google generates a SAML authentication request.
- We receive the SAML request and then authenticate the user. Since we are using the IWA adapter, the user already has a valid session.
- We generate a SAML response that contains the authenticated user's username and send it to Google ACS.
- Google's ACS verifies the SAML response using our public key and redirects the user to the destination URL.
- The user has been redirected to the destination URL and is logged in to GMail.
Of course, you can try all of this for free, just download PingFederate, get an activation key, select an integration kit, and have at it. Future tech notes and a graphic explaining what we've done will follow.
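The identity-provider half of the steps above, as an added example (not Ping Identity's or Google's code): it decodes an AuthnRequest from the HTTP-Redirect binding, checks it against the configured connection, and builds the response bound to that request. All entity IDs, URLs and function names are constructed for illustration, and the XML signature that a real IdP applies with its private key is left out.

```python
import base64
import datetime as dt
import urllib.parse
import uuid
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
MAX_XML = 64 * 1024  # upper bound on an inflated request
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed values standing in for the entityID and ACS URL of the connection.
IDP_ENTITY_ID = "https://idp.example.com"
CONNECTION = {"entity_id": "https://sp.example.com",
              "acs_url": "https://sp.example.com/acs"}


def stamp(moment):
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def build_authn_request(request_id, acs_url, issuer):
    """Service-provider side: a minimal AuthnRequest (constructed sample)."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'ID="{request_id}" Version="2.0" IssueInstant="2007-10-01T12:00:00Z" '
            f'AssertionConsumerServiceURL="{acs_url}">'
            f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')


def encode_redirect(xml_text):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return urllib.parse.quote_plus(base64.b64encode(raw).decode("ascii"))


def decode_redirect(param):
    """Reverse of encode_redirect, refusing oversized (decompression-bomb) input."""
    raw = base64.b64decode(urllib.parse.unquote_plus(param), validate=True)
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("request too large or truncated")
    return xml_bytes.decode("utf-8")


def parse_authn_request(xml_text):
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    return {"id": root.get("ID"),
            "issuer": root.findtext(f"{{{SAML}}}Issuer", default="").strip(),
            "acs_url": root.get("AssertionConsumerServiceURL")}


def resolve_destination(req, conn):
    """Answer only the configured partner, only at the configured ACS URL."""
    if not req["id"]:
        raise ValueError("request has no ID")
    if req["issuer"] != conn["entity_id"]:
        raise ValueError("unknown issuer")
    if req["acs_url"] not in (None, conn["acs_url"]):
        raise ValueError("ACS URL does not match the configured connection")
    return conn["acs_url"]


def build_response(req, username, now, conn=CONNECTION):
    """Unsigned Response carrying the username; signing is omitted here."""
    dest = resolve_destination(req, conn)
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": stamp(now),
        "InResponseTo": req["id"], "Destination": dest})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": SUCCESS})
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": stamp(now)})
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = username
    cond = ET.SubElement(assertion, f"{{{SAML}}}Conditions", {
        "NotBefore": stamp(now),
        "NotOnOrAfter": stamp(now + dt.timedelta(minutes=5))})
    restriction = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(restriction, f"{{{SAML}}}Audience").text = conn["entity_id"]
    return ET.tostring(resp, encoding="unicode")


def handle_sso(saml_request_param, username, now):
    """IdP endpoint logic: decode, validate, answer for an authenticated user."""
    req = parse_authn_request(decode_redirect(saml_request_param))
    return build_response(req, username, now)
```

The service provider's ACS would then verify the signature with the uploaded public key and check `InResponseTo`, `Destination`, the audience and the validity window before creating a session.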
Go Rockies!
thanks mark
ProQuo Launched Today
The average US citizen receives 44 lbs of junk mail every year, so creating a more efficient way to actively manage the marketing offers you want is a strong start to improving this broken paradigm.
I'm really pleased to announce that today, ProQuo launched. There's a lot of history behind ProQuo that I'll get into at a later date, but suffice it to say, the company began as a result of some brainstorming sessions we had here at Ping Identity nearly two years ago. Under the vision and guidance of Steven Gal, ProQuo's CEO (check out his new blog BrokenID), Dean Leffingwell (a Ping board member), and with a lot of hard work by the entire ProQuo team, this new service was created to provide agency-like services for consumers, helping them make meaningful choices about how companies used their personal data, beginning with a service to manage junk mail opt-out, and marketing offers opt-in.
ProQuo lets consumers choose which marketing they want to stop, and which they want to stay on (e.g., some people love their local coupons). And ProQuo will protect people with a revolutionary new privacy policy that goes far beyond any company I’ve ever seen in the consumer data business.

Personally, I think there is a strong connection with this vision, and what Doc Searls has been working on with VRM, and of course, the entire thing is rooted in identity.
Check it out
Rearden Commerce wins IDDY Award with PingFederate
Rearden Commerce was the recipient of the 2007 Liberty Alliance IDDY award at Digital ID World. They won the award and were recognized for the speed with which they deployed a SAML-based single sign-on solution based on PingFederate from Ping Identity. Rearden Commerce's initial deployment of Ping Identity's PingFederate went live on July 9, 2007 and within one month, Rearden Commerce federated with 15 companies supporting 10-20 percent of all user sessions. Through PingFederate, the Rearden Commerce platform provides single sign-on capabilities via a wide variety of industry open standards, including SAML (Security Assertion Markup Language) 1.0, 1.1 and 2.0 protocols or the WS-Federation protocol, enabling corporations to provide secure seamless access to their employees without any additional user authentication.
I'd love to say that great software alone made this possible, but the reality is, Chuck Mortimore of Rearden Commerce is an exceptionally bright guy, who simply knows how to get things done.
More on Rearden Commerce
Delivered as Software as a Service (SaaS) to more than half a million employees in more than six hundred companies, the Rearden Commerce Personal Assistant leverages federation technology to help users find and purchase the services they need based on their preferences and company policies. Identity federation allows enterprises a standards-based approach to securely link and exchange identity information across partner, supplier and customer organizations. It effectively bridges separate security domains to provide companies with the ability to secure their cross-boundary interactions -- removing friction, improving productivity, gaining efficiency and enabling competitive differentiation.
Through the use of federation technology, organizations deploying the Rearden Commerce Personal Assistant have been rapidly achieving high levels of user adoption. By making it easy for their employees to find and buy services from preferred providers offering negotiated discounts, organizations typically save 20-30 percent on the services purchased through the system.
Defrag Me
One of my best friends, Eric Norlin, co-founder of Ping and Digital ID World, has started a new conference, Defrag. It's taking place in Denver early November, and he's got quite the line-up of people attending. I can't wait, and since I've already paid, he can't accuse me of lobbyconning.
Only 4%
They installed one of those LCD screens that display a mixture of factoids and commercials in our elevators a few months back. Apparently, in a recent survey, they asked people what they thought their CEO deserved for "National Boss Day" (whatever that is). The answers, as you'd guess, were pretty funny, and only 4% surveyed thought their boss was deserving of the CEO title. Ouch.
Open Source CardSpace C Library
Ping today announced the release of a new open source CardSpace Relying Party C Library. This component will help Web developers create applications that can accept Information Cards for single sign-on.
We partnered with Microsoft to produce these C libraries, and they are designed for generic use with any Web site or service. They are licensed under the BSD license and can be downloaded at http://www.codeplex.com/InformationCard. To download a reference sample application, which demonstrates how the C Library can be easily embedded in a PHP application, feel free to visit www.SourceID.org.
Simply Amazing
Paul Potts Video - Sharing this video is a gift.
Grays Peak
 Andre Durand and Jaime (a Columbian language student) at top of Grays
Saturday I completed one of my 2007 goals as my cousin and a few friends climbed Grays Peak here in Colorado. This climb was supposedly the easiest of the fourteeners, with a total round trip of only 8 miles. I must admit it was definitely harder than I had expected. Even though this was only a class 1 climb (basically a hiking trail to the top), I was simply out of shape. Two of the guys with us nearly ran up the trail, and did both peaks (see the peak in the background) and returned to the car before we were able to bang out one and return.
I was looking forward to eating an MRE I had hiked up there (spaghetti), but the weather moved in and we high-tailed it down the mountain to snow flakes as we hit the bottom. While at the top, we got a special treat and saw Erik Weihenmayer, the guy who climbed Everest blind. Having now done a measly 14k mountain, I have a whole new respect for 29k.
Transcending Your Limitations
Bernie Daina, a friend who specializes in corporate organization, was talking about what he looks for in a resume before an interview. Among other things, he spoke about looking for an individual who continually transcends their limitations.
This is a topic quite close to my heart, because it speaks to the possibility that some individuals actually can and do fundamentally improve themselves over time.
I'm not an 'operator' CEO, and likely never will be. Fact is, I don't possess the talents of an 'operator'. But I'm tenacious, open-minded, and aware of this. When I look for partners, I look for people who fill this lack of skill.
Realizing this limitation, I've become conscious about working at it, and I'm determined to improve and transcend this limitation, if not in myself, then by choosing to surround myself with operators. Will I ever be better than someone whose training and genetics are simply more in tune with world-class operator-like behavior? Never, but that doesn't mean that I can't be effective.
It's funny how people get labeled, and how those first impressions stick with people long beyond their useful life. I used to be offended when people referred to my lack of talent in a particular area as if it were a fact beyond reproach. I'm no longer intimidated by such comments, because I've come to realize that in 90% of all cases, that bias is actually true, and a reinforced and learned phenomenon. It's not personal, it's just what people have learned to be true in most cases.
I think it says a lot about a person if they are self-aware of their limitations, but strive to apply discipline and hard work to overcome them. Those are the sort of people I'd like to be around.
Checking your Virtual Ego at the Door
I was talking with a friend the other day about virtual organizations, and he mentioned something I considered hugely insightful. He's building a virtual organization, and mentioned that as a CEO, you've got to be willing to check your ego at the door, because, when you walk into your office, you won't see lots of bodies walking around your floor to feed your ego.
I am a big fan of the concepts behind the virtualized corporation, and believe there is an entire frontier of efficiency to be gained by corporations that embrace methodologies to harness talent, no matter where it resides. Think of this as "off-shoring" to the extreme.
That said, many of today's ego-maniacal CEOs are likely to have a tough time with this new paradigm. Which is fantastic news for those entrepreneurs willing to check their ego at the door, and truly disrupt the old guard.
Zen of Being All-In
I was listening to Bernie Daina (a friend of mine) discuss the Corporate Lifecycle, a description of what any startup goes through as it matures. From Entrepreneurial (filled with Promise) to Professional (filled with Purpose) to Bureaucratic (filled with Politics) to Expiring (filled with Paranoia). One of the things he stressed was that in the initial phase of any company (the entrepreneurial phase), it is typical to find people both filled with promise and accepting of ambiguity. As the cement is not yet dry on the formula for making money, experimentation is a welcome and natural part of the culture.
As a company matures, it transitions into purpose and professionalism. In this phase, the company has discovered its mission, knows where it's going, and moves to consolidate its assets, narrow its focus and align its resources. Call it what you will, this is the moment when a company moves 'all-in'. Having been an entrepreneur involved in three startups now, I recognize all too well what it feels like to live in ambiguity and to hedge one's bet in the early phase of a company. Having moved beyond that here at Ping Identity, I now have a new sense of purpose and the peace of mind that I can only attribute to a mental state of 'all-in' thinking. There's no turning back, there's no alternate route, there's no hedging. There's only the one mission, and the associated obstacles which stand in your way, which will either be achieved, or not, without ambiguity. This doesn't mean you don't invest in the future, or place long-bets on potential disruptions or strategic initiatives, it just means that you understand what your purpose is, and you're prepared to give it your all.
e-Commerce Information Cards Demo
Sid from ACI Worldwide just posted the e-Commerce demo we built together for Digital ID World 2007. The demonstration allows you to download and load a bankcard into your Information Card Selector on your desktop, and then use that card to make a purchase at a fictitious commerce site selling coffee.

Wisdom of Timing by Sid Sidner
I've been chatting with Sid Sidner of ACI Worldwide this morning. Sid and ACI were our partners on an Information Cards meets Payment Networks demo at Digital ID World this past week. Sid always writes very wise and thought-provoking emails; the one below was no exception as he shares his perspective on the role of timing in any emerging technology intersection. I couldn't agree more with his thinking, but he puts it so elegantly, I felt like sharing.
"I fundamentally believe in Kim's vision and the seven laws of identity. This is
grounded in the reality of human existence, which is a powerful basis for a
business plan. However payments are a huge, complex, entrenched system with
liberal sprinklings of greed and politics all the way through it, so it takes
awhile for it to change. ACI is always looking for an "event", something that
forces the system to change. Debit cards were an event. The change from
single DES to tri