
  • Bud Bruegger 2:09 pm on May 16, 2008

    Open Source Identity Management: eID Cards’ Spec Finally disclosed! 

    In Europe, Italy is one of the forerunners of smartcard deployment and, not surprisingly, it has a long-standing history of eID cards and a noteworthy rollout. Together with Spain, it is the first big European country ready to start the general roll-out of eID cards to all citizens.

    The “e” in eIDs is really only as good as the services that the card provides access to–without services, an eID card is nothing but a piece of plastic (with a chip).  To enable a card to use services requires software, namely something called middleware that interfaces the web browser to the smartcard.  Maximizing service access and thus the value perception by citizens, means to “eID-enable” as many environments and applications as possible.

    What will seem natural to most Open Source people out there, but often less so to government organizations, is that a single organization cannot easily support all desirable or necessary cases. This is a simple consequence of the ever-increasing scarcity of resources.

    Applied to eIDs, most governments provide eID middleware for the “major platforms” which can range from only Windows to a maximum of Windows, Mac OS X, and Linux on Intel.  Do you want to access an eID-protected service from your mobile device running Symbian, or from some embedded device that runs Linux on a Strong ARM processor, or even only from Linux on PowerPC?–well, don’t count on governments to help you out any time soon.

    So a key factor to using eIDs ubiquitously, and thus create value to citizens, is to enable third, non-government parties to develop and distribute middleware where it is missing. Unfortunately, this is not possible in every European country.  While some national eID projects have published their technical specs from the very beginning, others have treated them as confidential and thus prohibited third parties from filling in the gaps.  Considering that ID documents are related to “national security” and that government decision makers more often come from a legal than a technical background, this is not as surprising as it may first seem to computer security experts.

    In view of the significant negative consequences of unnecessary confidentiality, it is very nice to observe that decisions can indeed change!  Italy was one of the European countries that considered the spec of their eIDs confidential.  This has in the past prohibited the support of Italian eIDs on non-Windows platforms.  Also, the current middleware [that is part of the pilot project and may be replaced for the general roll-out] does not play well with Mozilla Firefox (even on Windows). Thankfully, all these are now restrictions of the past, since the full spec was indeed published yesterday. I believe that this is the merit of many unnamed people, acting behind the scenes, who used many ways and various opportunities and invested an enormous amount of personal energy to hollow the stone drop by drop and remove the rocky mountain that blocked the way to freedom.  This is the moment for gratitude and for encouraging others with the message that it is not easy, but it is possible and at times it succeeds.

    So what will the gained freedom bring us and the citizens who have an Italian eID in their pockets?  Here is my take on predicting the future:  In a relatively short time, support for the Italian eID card will be added to OpenSC, which already supports most other European eIDs and the American PIV.  This will provide multi-platform middleware for use by Firefox browsers, Virtual Private Networks, Secure Shell, Linux logon, and other applications. Also, commercial players will more easily be able to provide out-of-the-box eID support in their operating systems or on their devices (such as set-top boxes).

    I hope that this foreseeable positive development will become a visible experience that demonstrates the benefits of openness and influences those countries that still keep their specs confidential: The community can amplify resources and thus achieve what a single player (in eIDs mostly a government) simply cannot even hope to do.  So let us work on making this a reality, let the community provide significant help in making eIDs a success, and from time to time let us remind people that it is openness that made this all possible.

    Technorati Tags: Open Source Identity Management, eID, smartcard, eID spec

     
    • Emanuele Pucciarelli 8:47 am on May 27, 2008

      I hadn’t read your take before doing this, but it turns out to be correct. There is a patch adding support for CNS/CIE, and I hope it gets into trunk soon, so that the next release of OpenSC features support as well.

    • Bud P. Bruegger 11:24 am on May 27, 2008

      About two years ago, I wrote OpenSC support for CIE and had also submitted it to the Ministry in order for them to publish it on their open source repository (I had an NDA, never received the spec, and it was never published). Haven’t had time to port it to the latest version and for legal reasons, couldn’t publish it (and the same for my python library to access CIE, pyCIE), but Roberto Resoli (Comune di Trento) has started to work with my old code. But let’s just work together to create a single PKCS#11 for CIE and CNS (the current CIE ARE different from CNS in some respect..). Some people officially involved with CNS are also interested in this work. Let’s join and produce a single well-tested solution.

      -b

    • Roberto Resoli 4:00 pm on May 27, 2008

      The CIE filesystem is great news for everybody, like me and Bud, interested in open source as a way to lower the barrier between citizens and eGovernment. It seems that a lot of already done work is being unlocked (Bud, Emanuele, who else? 🙂 ).
      CNS and CIE are indeed different beasts, but they MUST[1] be interoperable.
      The main difference, apart from external appearance, is that CIE does not have a Digital Signature service on board, even if the last rules (November 2007, the same that stated the filesystem disclosure) specifically indicate this possibility.

      CNS is not the best practice around, from the Open Source point of view.
      It is currently not possible to support it, because some operations (Digital Signature in particular) are protected using symmetric cryptography
      (“Secure Messaging”) whose secret keys are embedded in the card, and then in the opaque, proprietary software that deals with it.

      The need of protection (but not its implementation) is mandated by an EU regulation about Electronic Signature[2], which sets the level of security (CWA 14169 -> Common Criteria, EAL4+) for “Secure Signature Creation Devices” (SSCD). Technically, a “Trusted Path” and “Trusted Channel” must be established between SSCD and SCA (Signature Creation Application).
      The actual running implementation is such that CNS cards coming from different manufacturers (and even different batches of cards from the same manufacturer!) are not interoperable (even if all the specifications involved are the same, the secret key is not!).

      The currently under study European Citizen Card proposes a different approach; in related technical (CWA 14890, chapter 8) a protocol involving asymmetric cryptography is outlined, in which the key for Secure Messaging is generated on the fly, more or less in an SSL/TLS fashion.
      Maybe this could be the next step on the way of a really open and interoperable eID infrastructure.

      If someone wants to go deep in the subject, I prepared a package[3] collecting several of the regulations quoted here, along with a presentation I made for the last Italian Free Software Conference.

      [1] CNS on CNIPA web site (in Italian).

      “La completa corrispondenza informatica tra CNS e CIE assicurerà
      l’interoperabilità tra le due carte e la continuità di servizi
      all’utente che passi della Carta Nazionale dei Servizi
      alla Carta d’Identità Elettronica”

      that is:

      “The complete informatic match between CNS and CIE will assure
      interoperability between the two cards and continuity of service
      to the user moving from CNS to CIE.”

      [2]”COMMISSION DECISION of 14 July 2003
      on the publication of reference numbers of generally recognised standards for electronic signature
      products in accordance with Directive 1999/93/EC of the European Parliament and of the Council”

      PDF on Interlex web site (in English)

      [3] zipped package from the “SmartCards, eGovernment and Free Software” workshop on the ConfSL08 website.

    • Saurabh 1:43 pm on November 30, 2009

      Hi Roberto,

      We are trying to replace MS Identity Lifecycle Management for an organization of 8000 employees. Is there any solution you suggest?

    • Roberto Galoppini 12:45 pm on December 1, 2009

      I don’t know an “out-of-the-box” open source replacement for that, sorry.

  • Roberto Galoppini 4:42 pm on May 15, 2008

    Open Source Community Awards: SourceForge Community Choice Awards officially open! 

    Nominations for the SourceForge 2008 Community Choice Awards are officially open: you can now nominate your favorite project, even if it is not listed in the SourceForge.net repository.

    Space Invaders Tattoo by Pythagore Anonymous

    I asked Ross Turk for more feedback on the program:

    Hey! The Community Choice Awards nominations are now open. We’re seeing nominations rolling in from all kinds of projects – lots from SF.net and lots from everywhere else. We’re putting the finishing touches on our party planning, and finding new and interesting ways for various other communities to participate in the festivities, and I think it’s going to be really cool. We’ll even be giving away free FOSS-related tattoos. Yeah, real tattoos.

    To help our projects campaign, we’ve created a series of “badge” images that can be put on blogs, project web sites, and anywhere else they can reach the members of each project’s community. Users can create a badge for their favorite project by going to http://sourceforge.net/community/cca08-badge and providing some basic information. I think this is important because, honestly, nobody knows how to campaign for these projects more effectively than the users who love them.

    Tattoos? I am looking forward to meeting hackers at OSCON 2008 going around tattooed with dolphins or other FOSS-related symbols! 🙂

    Disclaimer: I am on SF.net Marketplace advisory board.

    Technorati Tags: SourceForge, Open Source Community, Community Awards, RossTurk

     
  • Roberto Galoppini 7:51 pm on May 14, 2008

    Open Standards Conference: IDABC initiative to define a Common Assessment Method for Standards and Specifications 

    IDABC, a Community Programme managed by the European Commission’s Directorate General for Informatics, is organizing an Info Day aimed at initiating collaboration among volunteer Member States in the definition of a “Common Assessment Method for Standards and Specifications” (CAMSS).

    The CAMSS Info Day will be held in Brussels on the 28th of May, and it will be open to discussion with the stakeholders.

    The one day event will be organized in the frame of phase 1 of the CAMSS project activities, defining a common set of guidelines for the assessment of standards and specifications based on national best practices.

    The morning session will focus on the presentation and the objectives of the project illustrated by Member State use cases; the afternoon session will be dedicated to the presentation of the CAMSS followed by panel discussions on possible following works.

    The draft CAMSS will be published on the IDABC website in June 2008, inviting external stakeholders to comment on it.

    If you are interested in attending the CAMSS Info Day, please fill in a call for expression of interest no later than 13 May 2008. You may download the privacy statement.

    Draft agenda: 10h-16h.30

    Morning session:

    • Introduction by the Commission
    • Use Cases by some Member States

    Afternoon session:

    • CAMSS presentation by the contractor
    • Panel discussions on CAMSS and possible following works

    Contact: Serge.novaretti@ec.europa.eu

    [tags] open standards, IDABC, CAMSS, Setting Standards Organizations, International Standards Organizations [tags]

     
  • Roberto Galoppini 5:34 pm on May 13, 2008

    ForumPA: Creativity Forum, A Forum for Ideas 

    ForumPA, the greatest Italian event of and about the Public Administration taking place in Rome from the 12th to the 15th of May, today hosted the Creativity Forum session, chaired by Fiorello Cortiana, representative of the Italian delegation at the WSIS.

    Trying to grasp that idea by El Buen Matador

    ForumPA, the Italian exhibition for meeting representatives from central and local Public Administrations, is also running some unconferences this year, freely inspired by the barcamp phenomenon.

    Unfortunately I couldn’t join the unconference from the very beginning, but I really enjoyed Renzo Provedel’s speech about open innovation, and I liked Stefano Quintarelli’s very interesting talk on the network infrastructure as a commons. I also enjoyed Guido Scorza telling the audience how difficult it is to share creative commons in Italy.

    I started my very short speech by speaking of the big “news”: free software exists and there is a lot of it. While open source is doubling every year, only a very tiny fraction of it is known to the public. Although Linux and OpenOffice.org are well known – don’t miss my round table tomorrow if you want to know more about OpenOffice.org’s Italian success – many people are totally unaware of the existence of a number of valuable open source packages. I mentioned Clam Anti Virus, an effective open source anti-virus whose performance is widely unknown, as also emerged from research conducted by a student I was advising for his thesis.

    Considering the existence of funds to sustain open source innovation, the new Italian government might consider launching a “pubblicità progresso” campaign in order to let people know about open source software.

    Am I a dreamer? I hope not!

    Technorati Tags: open source government, open source dissemination, Italian public administration, pubblicità progresso, guidoscorza, stefanoquintarelli, fiorellocortiana, renzoprovedel

     
  • Roberto Galoppini 12:50 pm on May 12, 2008

    Open Source Identity Management: OpenID gets momentum 

    The SourceForge Community blog announced OpenID support, following the decision by Google, IBM, Microsoft, Verisign and Yahoo! to join the OpenID Foundation board.

    OpenID logo by protimegallery

    OpenID – the open source decentralized framework for user-centric digital identity – is getting tremendous traction and it is estimated that there are over 160-million OpenID enabled URIs with nearly ten-thousand sites supporting OpenID logins (among many also Free Software Magazine).

    I asked Scott Kveton, Chairman of the OpenID Foundation board and VP of Open Platforms for Vidoop, to tell us something about the importance of big companies’ support and how it reflects on the business case for OpenID.

    Having more and more big companies supporting OpenID has been fantastic for the technology. Let’s not forget that OpenID is nearing its 3rd anniversary of its inception. We’ve covered a lot of ground in such a short time. The fact that organizations both large and small are moving to this technology is a testament to the necessity of it.

    About the business model of OpenID, that’s an interesting question. Just like my mom didn’t get SMTP, she got email, the same will be true with OpenID. The magic isn’t in the technology, it’s in what the technology enables and the real world solutions it will create for users. This is akin to RSS and Feedburner. Users of Feedburner don’t know they are using RSS but it’s what powered that company and they found a unique way to monetize that. What are the specific ways that people will do this with OpenID? I don’t have a good answer for that.

    Why is OpenID getting included in more and more open source stacks?

    OpenID has been added to more and more open source stacks for the same reasons that technologies like PHP, Linux and others have been adopted. OpenID is built in the same “open” fashion as many other technologies on the Internet and as such I think open source developers trust these technologies over other ones. In addition, OpenID solves a problem set for developers that takes away from their “main thing”. If I have a CMS, managing user accounts isn’t my “main thing”; it’s secondary. Finally, we were very lucky with OpenID and other open source projects in that we launched the OpenID Bounty program which has helped folks like Drupal and Plone see a reward for integrating sooner rather than later.

    The consistent increase in adoption of OpenID will tell us about the OpenID business case. To track the take-off of OpenID, I asked Ross Turk for some feedback about the recent decision to use it.

    Our decision to undergo this project was simple. There was a strong community interest, the engineering resources required were modest, and the benefit to our users could be substantial. My dream for SourceForge.net is for it to be a truly open architecture that allows integration with a wide variety of tools and frameworks, and I think my dream is shared by many of us over here. This brings us a step closer.

    This was probably the most straightforward thing we’ve done in a long time. Hats off to the OpenID folks for designing something that’s easy to integrate! If it were hard to do, we might not have done it. Of course, that’s the key to the success of anything like OpenID: if it’s not easy to take advantage of, nobody will.

    Ease of integration is apparently key to OpenID’s success. I am looking forward to reporting on whether and how someone will eventually take economic advantage of it.

    [tags] OpenID, RossTurk, SourceForge, Identity Management, ScottKveton, OpenID Bounty program[tags]

     
  • Roberto Galoppini 12:57 pm on May 10, 2008

    Open Standards Conference: Bob Sutor at the IBM Conference on open standards 

    IBM Italia on Thursday hosted a conference on open standards, introducing the audience to standards’ risks and opportunities, in order to accelerate open standards adoption in the public sector. IBM Italia invited Italian stakeholders to meet up with Bob Sutor, IBM Vice President Open Source and Standards, along with representatives of Italian Central and Local public administrations involved with open standards’ policies and dissemination.

    Rome in a glass by Geomangio

    The event was held on the 8th of May at the IBM office in Rome. Bob Sutor’s keynote speech – Twelve Industry Challenges for Open Source and Standards – introduced the audience to the importance of global standards in relation to current policies around formal International Standards Organizations. He invited attendees – from Italian public administrations like Consip, CNIPA, ISTAT – to adopt open standards policies that emphasize technical work developed by a community of stakeholders, encouraging them to deprecate de facto standards.

    Besides open standards, Bob also spoke about open source governance, inviting Italian public administrations to develop common models of FOSS use and governance, making the use of FOSS as easy as possible, as easy as that of proprietary software. In this respect he also suggested considering developing more open source software, citing the Eclipse Open Healthcare Framework project as an example.

    Last but not least, Sutor spent a few words on the importance of creating new open source leaders and developers, a goal addressed by professor Roberto Di Cosmo, who is working at the University of Paris on the idea of FOSS-ready resumes. Evangelizing users on the availability of open source products like OpenOffice.org and Eclipse, and eventually teaching children so that they learn the value of FLOSS, was highly recommended in his closing remarks.

    Flavia Marzano (Province of Rome), Vittorio Pagani (CNIPA Open Source Observatory) and I (PLIO association) talked about Italian public administrations’ open standards policies from different perspectives, giving the audience a broad view of the subject.

    Technorati Tags: open standards, open source conference, IBM Italy, BobSutor, Eclipse, openoffice.org, openoffice

     
  • Roberto Galoppini 9:32 am on May 7, 2008

    Open Source Webinar: Best Practices for Open Source Governance, by OpenLogic 

    OpenLogic just announced three webinars on best practices for open source governance.

    The “How to Inventory Your Use of Open Source Software” webinar will cover topics like how to use OSS Discovery software to take inventory and how to implement an ongoing audit of open source usage.

    The “How to implement an Open Source Policy and Approval Process for Open Source Compliance” webinar will disclose potential risks associated with open source usage, and how open source policies can help enterprises manage open source licenses.

    The “Understanding Open Source License Obligations in the Enterprise” webinar will cover the obligations of the most common licenses, and how to comply with them.

    Register online.

     
  • Roberto Galoppini 1:35 pm on May 6, 2008

    Open Source Projects Outsourcing: North-by-South 

    North-by-South, an open source company based in San Francisco and Sao Paulo (Brazil), is getting work from the Bay and organizing teams of open source programmers from Central & South America to do the jobs.

    North-by-South, officially started in July 2006 in Sao Paulo at a developers’ get-together organized for open source veterans, currently has about 30 programmers in its open source developers network and is planning to expand to 100 developers by January 2009.

    Barbie made in Brazil by wagner_arts

    I asked Ryan Bagueros, the North-by-South founder, formerly head of engineering at Tagged and co-founder of San Francisco Community Colo, how they commercialize their services.

    We’re in touch with the marketplace through local innovations like Craigslist but mostly we get work through the extensive contacts of our San Francisco team. We have 4 people working in San Francisco on getting jobs, organizing them, etc and we’ve all been working in SF through the first dot-com bubble and now in the “web 2.0” resurgence. So, we commercialize via word of mouth, web, local conferences, local internet gatherings, etc. It would be much more difficult to get work if we were not located in San Francisco and hadn’t been working here since the mid-90’s.

    Brazil and South America as a whole have an absolute advantage over USA in producing open source software, and as a matter of fact what is going on with the free software movement in Latin America is pretty peculiar.

    I wish Ryan and his Latin American friends happy hacking!

    Technorati Tags: open source developers, latin america, brazil, ryanbagueros, northbysouth

     
  • Roberto Galoppini 4:15 pm on May 5, 2008

    Open Source Business Intelligence: is Nextanalytics Open Source? I doubt 

    Nextanalytics, a business intelligence company based in Ottawa, announced the availability of Nextanalytics 3.0, a business analytics platform with a proprietary analytic engine and an open source tier needed to integrate it with third parties’ applications and solutions.

    In a marketing move, nextanalytics claims to be open source while making source code available only partially.

    Marketing claims by Domenico Sav

    Reading some posts on the subject, I found Ward Yaternick, Nextanalytics founder and CEO, saying:

    We’re actively soliciting a community of third-party consultants, ISVs, and sole proprietor developers to offer services and products that employ nextanalytics to do their data integration and processing. We have great technology and now, with our new open-source inspired, community-driven Web site, we have made it easy to work with nextanalytics. Now, any dev shop can distinguish themselves with our software as their analytics engine. Through this strategy, we hope to be the next MySQL, but with a focus on business analytics.

    The developer zone doesn’t look community driven at the present stage, as Ward honestly acknowledges; he told me that the ROI of creating a proper forge is still uncertain. Nextanalytics clearly also has very little to do even with MySQL’s new approach (where some add-ons could eventually be distributed as proprietary pluggable features), so I asked for some clarification.

    How open source are you?

    For a nominal, (interpret “fair”) annual fee, people can get some analytic functionality to improve what they use to make business decisions, and as much open source code as they need to integrate into their environments. If they can find something useful in our list of features, then the cost-benefit is obvious. If we don’t have what they need, then they have to go up-market and pay a lot more. That is why nextanalytics exists, to sell to that market.

    Nextanalytics is aiming at making programmers’ lives easier, providing them with open source reference implementations and documentation to do things faster and easier. So far, so good.

    Does it make them an open source company? I don’t think so.

    Technorati Tags: open source business, open source business intelligence, business intelligence, nextanalytics, wardyaternick

     
    • Ward Yaternick (nextanalytics) 5:01 pm on May 5, 2008

      Thanks for taking a look at the nextanalytics product line, Roberto.

      I think what you said is a fair assessment of where we are as of this moment and I enjoyed the cartoon.

      I’ve been a programmer for 25 years and the idea of me being the marketing guy would make some former colleagues fall off their chair laughing! Oh wait, they used to do that to me all the time anyway.

      **** LATE BREAKING NEWS **** Just today, I initiated a “proper” open source project at SourceForge.net complete with having to agree to all the conditions of Open Source as per their Definitions. We will be open source, then.

      I guess it looks like I’m reacting, but truthfully, not really. I created the SourceForge.net project before you told me what you were going to say.

      The real reason is that, over the weekend, I had a lot of email from people questioning my approach to Open Source. In responding to their questions, I learned a lot about Open Source, true Open Source :).

      So that’s why I decided to open up a SourceForge.net project.

      It takes a bit of time to go through an approval process and then I have to get the java and c# versions uploaded. But, after that, in a few weeks, we’ll have products that are truly open source as per the broad community definition, no more wiggly-marketing words as per your cartoon :).

      For the code that’s up on the Forge, I will ensure there’s enough in there to be useful to a lot of people.

      I’ll ping you when I’ve done that, just in case you want to take a look at the “real” open source. Who knows, maybe you’ll want to create your first BI solution after that?

      Thanks again and CIAO to all!

    • Roberto Galoppini 8:48 am on May 6, 2008

      Hi Ward,

      I am glad me and others are helping you to form a better idea of what makes a product open source. Whenever you are ready to announce an open source release you are more than welcome, open source BI apparently is slowly catching on though.

      Happy hacking!

  • Roberto Galoppini 9:35 am on May 3, 2008

    Sun and Microsoft Open Source Strategies: links 03-06-08 

    Sun’s open source strategy overshadowed by legacy businesses – (via google alert) Larry Dignan is skeptical about the possibility that open source will turbo charge the rest of Sun’s businesses.

    Managing Toward Open – Sam Ramji writes about how the interrelationship between Microsoft and open source is changing. Matthew Aslett commented on Microsoft’s move to jump into cross-platform system management.

     