Sunday, December 31, 2006

The measures of 2006...

2006 closes with the following:

  • I have 249 references to my blog from 40 different blogs (as reported by Technorati) -- it was 263 from 46 locations a few days ago, but apparently some went away :-(. I'm catching up to Paul, albeit a bit slower than I would like.
  • I flew approximately 175,000 miles this year (162,285 of them on United)
  • I was able to upgrade 68 of my 70 flights on United.
  • I have flown one million+ lifetime flight miles on United.
  • I have almost one million miles in my United account (that's like 3 round-the-world, first class trips -- like I want to fly anywhere else).
  • I now have 359 Internet Identities.
  • I spent 118 nights in hotels (88 of them in Marriotts) -- not counting family visits.
  • I have almost 500,000 points in my Marriott account (good for a few weeks of hotel stays -- like I want any more nights in a hotel).
  • I have an ebay rating of 131.
  • I have 96 linkedin connections.
  • My second patent (#7,107,447) issued this year. Aleksey Sanin and I filed this patent based on some work we had done at AOL in the area of social networking.
  • And, perhaps most importantly, ended the year with 130 posts (not counting this one) in my blog that you all love to read so much :-).

Not a bad year.

Tags : / / / / / / /

Friday, December 29, 2006

Gadget of the Week #7

Tis the season... to get new gadgets and this season was definitely not one to complain about. The top of the list:

The Garmin Nuvi 660 GPS Device


I bought the Garmin Street Pilot 2720 last year for my wife for Christmas and she really liked it, so we looked around for one for me.

The Nuvi 660 stood out for many reasons, not the least of which was:

  • It's portable (battery powered) so I can use it for walking trips as well as driving -- very useful for my many Liberty Alliance meetings around the world.
  • I can get European maps for it as well. This past October, I rented a car in the UK and paid £10/day (total of £50 or about $100 for the trip) -- this will make that expenditure unnecessary -- and having a GPS certainly made driving there much, much easier.
  • We were very happy with the quality and interface on the StreetPilot and so felt very comfortable staying in the Garmin line.

There were other reasons as well, but those were the driving factors.

We tested it this week on our typical Christmas trip up to New York to visit with my parents. The device worked great.. Particular charms include:

  • The selection of voices are excellent. I especially like Emily (British accent) and Karen (Aussie accent). My wife was quite interested in the male voices, but for some reason they didn't do much for me.
  • The predicted arrival time was way more accurate than most mapping software I have used (and this on the first use, so the system didn't have time to learn my driving habits). We left for NY just before noon with a predicted arrival time of 4:57 and got there around 4:53 -- this with my not-so-typical lead foot. Similarly when we headed back home, the difference was only 10 minutes (and that was with a 5AM start and no traffic the entire trip.
  • The screen is extremely crisp and readable.
  • The voice directions are very understandable (other than a couple of times when Emily said "Clubhouse Doctor" for "Clubhouse Dr." and "va" (not "V-A" or "Virginia") route 15 -- Karen didn't seem to have that problem).

There were a few, minor, issues with the system:

  • The raw GPS information (most notably, the elevation/altitude) was not directly available via a menu, but if you clicked on the GPS signal indicator, the page was displayed -- took me a long time to figure that out.
  • Re-routing seems to place a heavy-weight on following the original course. At one fork in the road where it's about a 50/50 split as to which way to go, I chose to go a different way than the device had selected. As I continued down that path, for the next 4 or 5 exits, the system kept trying to put me back on my old path (and the arrival time kept extending, starting from 4:55 to 5:01 to 5:15 to 5:21 before it finally gave up and selected the route I wanted, which resulted in an estimated arrival time of 4:53).

As a comparison, I had a top-of-the-line factory-installed GPS system on my Lexus SC430 and the Nuvi 660 compares quite well against it. I would recommend the portable solution over the factor-installed anytime given the lower cost ($800 vs $2,000), easier and cheaper updates ($100 vs $400) and, especially, the portability.

All-in-all, I'm very happy with the Nuvi 660 and recommend it to anyone who wants a GPS system for their car. I will certainly enjoy riding around with Karen.

Tags : / / / / / / / / /

Monday, December 25, 2006

Merry Christmas

My family and I want to wish everyone a safe and joyous holiday (and stop reading blogs on your day off -- other than mine, of course :-)) .

Tags :

Saturday, December 23, 2006

An open letter...

Dear Hollywood, the DVD Forum, and Sony,

You guys are a bunch of idiots.

For those that don't know, there's a battle going on between two competing formats for the market of high definition video disks. On one side you have the HD-DVD and on the other side you have the Blu-ray Disk. I won't go into specific details of each format because I just don't care (you can spend hours reading through the results of searching on "blu-ray vs HD-DVD" and you still won't have enough information to figure out what the successor to DVD will be.

My problem with all of this is that here I am in what should be the early majority phase of high definition home video disk technology and, being that I'm typically the early adopter for gadgets, I should already be well underway in my replacement of my favorite DVDs with some high definition format.

I should already have spent gobs of $$ buying these high definition versions, but alas that isn't the case. I can't buy them because there are two competing formats and until I have some inkling of the direction that this stupid battle will go, I sit on the sideline awaiting an obvious victor. (Hollywood: Read this as you are losing money.)

I wait because I don't want to invest that amount of money in a technology that may just go away, leaving me without any means to continue to use the technology moving forward. This is similar to the oft quoted demise of Sony's Betamax and the more recent abandonment of the Divx DVD format by Circuit City.

I have one HD-DVD player (the add-on for the XBox 360) because it was an inexpensive upgrade and two HD-DVD movies (one came with the upgrade and one was a present). I don't plan on buying many more until this mess gets wrinkled out.

The way things stand, I feel like the kid whose got some money burning a hole in his pocket. I want to buy some high definition video. I want to see high def movies at home at my pleasure. I can't because of this lack of a standard. Perhaps I'll find something else to spend my money on.

I suggest that others do the same. Perhaps the lack of sales can drive the two parties towards convergence. If you do buy, just remember that you have a 50/50 shot at buying something that will be worthless very shortly because at some point, the parties just have to come to their senses (one can only hope).

Tags : / / / / / / /

Urban Legends & Liberty 2.0

In a comment to my post about James McGovern's comments about the Liberty Alliance, Neil Macehiter points out:

Similar concerns were raised in comments to my blog post regarding Liberty 2.0 workshop and the participation of non-vendors.

Of course, the concern there were raised by the same person (James) and I liked the response from Neil:

Your comments re the participation of technology adopters in the definition of standards is well made and something we have commented on before:

I think you are being a little unfair on the Liberty Alliance as adopters have (and as far as I am aware continue) played a role since the founding of the project.

In the case of the Liberty 2.0 workshop, John Kemp is actually from Nokia which, in this context at least, I would argue is closer to an adopter of software rather than a purveyor.

I would add that in regards to the Liberty 2.0 workshop, this is an informational workshop talking about what Liberty is and about how the protocols and interfaces developed within Liberty's solutions apply to a Web 2.0 world. As much as I'd like to just agree with Jeff's note that, hey, we did just release ID-WSF 2.0 (and that's what the workshop is about), the workshop really is related to Web 2.0 and hence the moniker(although, as I said, the moniker was clearly a marketing decision and not a technical decision).

That said, if you look closely at the agenda items for the workshop, none of them are from vendors about vendor's products (well, other than the presentation from Mary Ruddy about the Higgins project, but that's an open source project, so I think that's a more than fine subject for the workshop and for the enterprise). The agenda is about spreading the word about what Liberty is, what Liberty protocols are, and how those protocols apply in a Web 2.0 world.

Some have raised questions about other subjects that should be discussed (such as deployments), but this isn't a deployment workshop, it's an informational workshop. Liberty has done deployment workshops where people talk about their deployments and their findings from such deployments -- I know, I've spoken at several of them about some of the work we had done at AOL. If you want to read more on adoption and deployments, take a look at the adoption area of Liberty's web site.

So, I suggest, somewhat strongly, that James join us for the workshop so he can learn about Liberty and, perhaps, see that we, as an organization, are more than open to enterprise participation -- even with the current substantial enterprise participation that we have.

Tags : / / / / /

Dispelling Urban Legends...

I wonder if this is how urban legends get started. Self claimed "thought leader" James McGovern has been repeatedly making statements over the past few weeks about the Liberty Alliance that show a lack of understanding in the structure and operation of the alliance.

I've been resisting responding to them because it feels like this is information he should be gathering himself if he really was a "thought leader" and so I didn't want to do his job for him (although I have succumbed to several of his "please answer this for me" blog comments that were totally unrelated to the articles upon which he was commenting).

However, since he seems to want to go on and on about it, I thought it best to educate him in the actual truth related to his statements and perhaps get him to actually look at the facts rather than making these mis-statements if not complete untruths:

At some level, I could attempt to do this work by joining a standards body such as the Liberty Alliance but unless they are willing to change their model for membership to become more enterprise friendly then this too will fail.

The most interesting part of that statement is that Liberty is frequently accused of being in bed with the enterprise only and not paying attention to non-enterprise use cases. In any case, the only thing I can think he might be referring to is the membership fees which range from $2500 on the low end to $50,000 on the high end ($150,000 if you want to be a member of the management board) (depending upon the size of the company).

These fees are inline with the fees charged by many other standards alliances and just cover the operational costs for the alliance. I'm not sure what James would want them to do as they aren't like the US Government and so can't run at a deficit year-in year out.

That aside, the membership fee is really a small part of the overall cost for a member. The real cost of participating in the alliance is the participation itself, not the fees. The salary(ies) and expenses of the employees that participate and drive the solutions is a much higher cost than the membership fees for most organizations. I don't see how this could be any different for an enterprise.

Spending lots of money in enterprises is easy. The key though is that spending of money on external entities usually comes in the form of statements of work, deliverables, etc. Simply being allowed to participate in a conversation will not allow the masses of enterprises to spend money to become a member.

Paying the membership fees does not enable the member to "simply being allowed to participate in a conversation." Each member has a say and a vote in the definition of the requirements for any current and future work done by the alliance. Each member has a say and a vote in the definition of the specifications to meet those requirements. In addition, the members that actively participate in any given issue are typically a subset of the overall membership and so, the participating member (enterprise or other) typically have an even louder voice/vote than you see in the overall numbers.

Is it possible for a NON-Sun employee to tell the world why anyone would want to join Liberty Alliance if your primary business model isn't technology?

I'm not now, nor have I ever been, a Sun employee... I've participated in Liberty representing a company who's primary output was *not* technology (AOL) and I've participated in Liberty representing a technology company (Intel). The answer is: By joining you get to ensure that your use cases are included in the set of use cases from which the requirements are built and you get to ensure that the solutions defined to meet those requirements meet your needs as well.

It seems as if those whose primary business model isn't technology is outnumbered by at least twenty to one.

Last week James claimed it was "ten to one", now it's "twenty to one"... Hmm... Let's look at the actual figures. Liberty currently has 13 Management board members listed on their membership web page. Of the 13, 5 (AOL, Fidelity, FranceTelecom, NTT and GM) are companies that are users of identity technology rather than sellers of it. The same page lists 39 sponsor members of which I think 13 are similarly users of identity technology. In addition it seems that the majority of the Associate & Affiliate members are also in the same class.

Clearly this is not 20 to 1, nor 10 to 1... It's not even 5 to one.

In addition, this ratio is lower in the Liberty Alliance than it probably is in most other standards alliances.

Tags : / / / / / / /

Friday, December 22, 2006

Sharing Video - My First Time With YouTube

So there I was with the hottest video in the identity sphere in my hands and I had to figure out some way to share it with the rest of the world. I couldn't put this on my own web site as that would kill my bandwidth even if just one person took a look at it. Of course, the first thing that came to mind was YouTube.

There was a problem, though. My video was shot on my Canon Powershot SD800IS camera and was almost 800MB long (thankfully I had my 4GB SD card in there) (and to give proper credit, the video was shot by Pat as I was one of the "stars"). YouTube has limits on the length of a video (both in time - 10 Mins - and in size - 100MB). On top of that, the video was filmed under less than optimal lighting and audio conditions.

So I went poking around the internet to see if I could find some MPEG 4 compression software to see if I could reduce the size. I tried two different packages and even with reducing the video size to 320x240 (¼ of its original size), the size of the files were coming out to be 300+MB -- still too large.

So it looked like I was going to have to split the video into pieces and upload it one piece at a time -- not the best solution and definitely not the one I wanted to use. On top of that, neither of the software kits I had downloaded had any editing capability, so I needed to find another solution.

Then it hit me, I had a copy of Roxio Easy CD/DVD Creator (now Easy Media Creator) installed and since it could create DVDs, I figured it had some video processing software... A quick search found VideoWave. I started it up and did a quick test by cutting it at the 2 minute mark and generating the video file. Amazingly, that turned out to be only like 15 MB, so then I knew I could put the whole thing into a single file!

After processing and watching, it was clear to me that people who did not have the lyrics sitting in front of them would have a very hard time following along and even those that did still would have a problem (I did).

So back to the drawing board and looking at VideoWave options, I could add text, so I went and over a period of a few hours (and lots of listening) I added subtitles to the entire song. I'm sure there was probably a better way to do it, but I did get it done and only once lost some of my work because of a program crash (which did lead to more frequent saves).

Uploaded the 41MB video to YouTube (that took a while, even with my T1), added a link to it on my blog and the rest is history!

Tags : / / / / /

Thursday, December 21, 2006

Trust and OpenID #2

Avery Glasser writes of OpenID And Promiscuity:

As OpenID grows beyond wikis and blogs and becomes an identity system used for handling more secure or transactional data, the need to be able to trust specific Identity Providers becomes key. Methods such as the MediaWiki plugin may break part of the original vision of the standard, but it does provide the gateway towards OpenID’s future.

This just follows the train of thought I laid out in "Trust and OpenID" -- valuable transactions require security and trust across all parties.

When OpenID starts to solve those problems it can go through all the blood, sweat and tears that the folks at the Liberty Alliance and the OASIS SSTC did in coming up with a protocol that identified and closed many of the security vulnerabilities in such a system. Or they can adopt work that has been heavily reviewed and implemented which meets all of the needs that I have seen expressed and then some.

As I've stated earlier, even if there are some additions or profiles that are needed, I'm sure that the folks involved in SAML (where Liberty has converged their ID-FF work into) would be more than willing to explore meeting those needs.

The bottom line is that security is hard. There's no reason to go through that exercise yet again (unless you like pain).

Tags : / / / / / /

5 Things Traceback

Eve commented on my post saying she didn't start it (boy, sounds like I'm talking to one of my kids :-)). So, I thought I would do a traceback to see if I can figure out where it started.

So, we have:

  • I was tagged by Eve
  • Eve was tagged by Tim.
  • Tim was tagged by Ugo.
  • Ugo was tagged by Gianugo.
  • Gianugo was tagged by Yoav.
  • Yoav was tagged by Jim.
  • Jim was tagged by Sam.
  • Sam was tagged by another Jim.
  • Jim was tagged by Dave.
  • Dave was tagged by Siel.
  • Siel was tagged by Ivan.
  • Ivan was tagged by Tara.
  • Tara was tagged by Stowe (and others).
  • Stowe was tagged by Irwin.
  • Irwin was tagged by Dameon (Phoneboy) (and others).
  • Dameon was tagged by Ken.
  • Ken was tagged by Andy.
  • Andy was tagged by Jeff.

Jeff appears to have started this particular chain without getting tagged (although he does say he had "heard about" Blog Tag and the 5-things-people-don't-know, it doesn't appear he was explicitly tagged by anyone).

The chain was started on December 10th (so the chain above was built in about 10 days). I'm not sure how deep other branches of the chain are, but with 19 levels above, the chain theoretically could have reached 19 trillion people if I'm doing my math right. Since I clearly new some people who had not been tagged, I'm guessing there's alot of duplication and dead ends -- some people just don't know how to have fun.

Ok, I must be really bored to track that all down, but the real excuse is that I was on hold talking with customer service from Amazon and DHL about a package that was supposedly delivered last night while we were home, but is nowhere to be seen. So, it was a fun use of my time.

Tags : /

Wednesday, December 20, 2006

Peer Pressure is an awful thing...

It started with Eve (which figures, it's always a woman who starts trouble), then Paul, Pat, and John...

At first I wasn't going to do it... I hate those "you can't break the chain, you must send it to 5 of your friends or else bad things will happen" chain emails.. But alas, it seems everyone is doing it...

Five things you may or may not know about me:

  • I'm Irish (with a name like Conor Patrick Joseph Cahill, I would have expected you to guess that, but to know it is different) -- real full-blood Irishman born to an Irish mother and an Irish father and a true citizen of Ireland (in addition to being a US Citizen, of course).
  • My only "official" training in adulthood has been as a Chinese Linguist while in the Air Force many, many years ago. Never did much work with Chinese, but did teach myself how to play with computers at my first duty station and that, shall we say, was that.
  • I spent a good portion of my free time in my younger life volunteering in a local rescue squad as an EMT in Maryland and later as an EMT-ST in Virginia -- ran an average of about 500 calls a year until my entrepreneurial interests stole all of my free time.
  • I am a McDonald's connoisseur and have a built-in divining rod for locating the nearest one, no matter what country I'm in (and I have tasted McDonald's in many countries as I'm sure some of my fellow travelers can attest to).
  • I'm an avid Rollerblader and used to play roller hockey up regularly up until around the time I started participating in the Liberty Alliance (too much travel to hold a slot on a team). Our team even won one of the 18-and-over NHL breakout tournaments up in Pittsburgh not too long ago. Of course, I played defense -- nothing give me more pleasure than to break up a good play :-).

Now my turn to tag somebody... Let's see: George, Johannes, Peter, Robin, and Hubert (I so wanted to tag Pam, but she apparently was already tagged by Pat). I fear for what George may tell us.

Tags : / /

Liberty 2.0

While it's definitely a marketing chosen name, the upcoming workshop on Liberty Alliance technologies and their intersection with Web 2.0 will be quite interesting (of course, you need to take that with a grain of salt since I'll be one of the speakers and I always think what I have to say is interesting -- hence my blogging).

Johannnes questions:

Is this just a bit of aggressive event naming, or is there some re-positioning going on?

It is absolutely none of the latter, but probably a bit of the former (as Paul pointed out in his typical "you have to understand him" way :-)) although I would not say it is all that aggressive given that Liberty has been talking about how to tie together multiple services on behalf of the user since day 1.

I would also say that the presentations at this meeting are more about showing how Liberty solutions solve some of the very complex problems that come when putting together multi-user, multi-provider, non-trivial, valuable services -- something that none of the other standard solutions out there today can solve.

Tags : / /


After helping Paul get around discriminatory pricing against Canadians and find a US-priced Lego Mindstorms NXT at a local Target store in Portland (while we were at the Liberty Alliance TEG F2F meeting nearby -- that good enough Russ?), my interest in the product for one of my kids grew.

We had bought a prior version of Lego Mindstorms for our son years ago and he played with it a little bit, but never really got into it (he's much more interested in video games and now especially DDR). So it pretty much sat there and gathered dust, even as all 3 of our kids can still sit around for hours playing with Legos.

So, last week, I had our daughters out for an xmass shopping trip and as we walked around the toys aisle, I asked Jessica if she thought she might like the Mindstorms set. She looked at me aghast and said "no way". We had already fulfilled CJs gifts, so that was that. No Mindstorms for us this year.

Alas, we're still short on a nice present for Jessica, so I broached the subject with her again, asking her if she even knew what it was. When I explained that it was a robotic system where she could program it to do things, react to things, move about, etc. she still just said "huh" (like: boring!).

Shortly thereafter, as I was searching for something else to buy for her, she runs into my office and shouts (yeah, really shouts):

"Hey Dad, you can get me that mindstorms stuff... because if I learn how to control it the possibilities are endless."

Guess we're going shopping again. Of course I had to ask her if there were other things she might want (can't let her or you know if she's really getting that until after xmass, but it was still a good story -- even my wife said that I needed to blog her comment).

Tags : / / / / / /

Web hosted applications

One of the things that helps support my position of having real honest-to-goodness local applications and not depending upon web hosted applications:


Server Error

The server encountered a temporary error and could not complete your request.

Please try again in 30 seconds.

This happened several times over the period of an hour or so last night as I tried to work on a blog post.

Not being able to get to my work environment really bothers me, especially when the availability is totally out of my control and there's no useful information about what to do about it, when it's going to come back or even what, exactly is going on.

Yes, similar things can happen on my laptop (an OS crash, a bad disk, etc.) but at least I feel like it's under my control and that I need to do something to get it working again (rather than being totally at the mercy and whim of the internet gods).

Note also that I'm not picking on Google or Blogger -- just pointing out a serious drawback in the web hosted application model (at least in my point of view). Google the web search engine definitely seems to have this problem solved as I can't remember ever gotten an "unavailable" problem trying to do a search (although my way-too-much time spent on airplanes still means I won't rely on web applications for mail, word processing, etc.).

Tags : / / / /

Tuesday, December 19, 2006

Identity in the news..

Earlier today, Paul "it's not about the page hits" Madsen was bragging to me about his 574 hits yesterday (far exceeding my peak of 393 thanks to that wonderful identity video -- all because he mentioned the new NBC show Identity in his "Be Prepared" blog entry.

Perhaps I can snarf some of the popularity as well :-). Although I do have to admit that his Samuel and URI comments added much more value to the conversation that my simple "hey, come my way too" begging :-).

Tags : /

Gadget of the Week #6

At last weeks Liberty Alliance Technology Expert Group F2F in Portland (which we hosted at Intel), I took a few of my fellow travelers over to the Intel store on campus so they could buy some Intel knick-knacks to bring home to the family. What we found there wasn't as geeky as some of my other gadgets, but very useful for international travellers...

An inexpensive (just $8.99), compact universal international plug adapter.

This one adapter works pretty much anywhere, and can be reconfigured like a transformer (the toy) to adapt to European and UK type plugs:

The sad part about this was that I was unable to find any marking/branding on the adapter to identify a source for it outside of the Intel Store (Sorry folks). I was able to find what looks like another plug designed the same way (can't say who copied who or even whether or not they are manufactured by the same, I'm sure Chinese, company). The closest one I have been able to find is an APC Universal Plug Adapter which you can buy for $15 to $30 at various places.

It's much better than the clunky adapters I've been using to date.

I should note that this is just an adapter. It is not a power transformer. You must have a power supply capable of handling 50-60 Hz and 110-240 Volts. Most portable electronics power supplies can do this nowadays, but you should check the power supply to make sure. There should be a label on the power supply or charger that looks like:

If you don't have such a range of inputs for your device, you will need a transformer (the power kind) in many/most foreign countries.

Tags : / / / / / /

Monday, December 18, 2006

Federated Authorization #3

In my previous article on Federated Authorization, I wrote:

In any case, I think there are problems with the basic premise of federated authorization. If you look closely at the various posts in regards to this question, they all talk about how you can do remote or delegated authorization. This is typically done in a model where an enterprise or service company will have some central authorization service that maintains the set of rights that their customers have.

This isn't a federated solution in that the decision as to the rights afforded the user is not delegated to a foreign entity. Even in the shibboleth model, where a student at university A is granted access to a resource at university B, the authorization decision is made by university B (yes, it's based upon the federated data that the student is a student at university A, but the authorization decision is made by university B).

And James McGovern commented with a question:

I posted in subsequent postings real scenarios where authorization is federated. Shekhar Jha had also chimed in on those which provided a good perspective. Did you get an opportunity to check out the scenarios I posted?

Referring, I think, to these articles:

Consumer Perspectives on Federated Authorization, Federated Authorization and Relationship, and Even More thoughts on Federated Authorization...

These all bring out good examples of some form of delegated authorization (and in the consumer use cases, what I would call federated authorization since you are likely crossing security domains).

While I think that many, if not all, of these use cases are interesting, I think that the model has some issues that prevent its widespread adoptions including:

  • The range of settings for permissions at any one resource controller are vastly different from one instance of that type of resource to another, thus substantially raising the complexity of any centralized management infrastructure.

    For example, given the "authorize my lawyer to pay my insurance bill" scenario, I not only have to authorize him access to my bank account, but to extract money for a particular purpose and probably with some limits on the amount. How also do I differentiate between paying a bill and paying a co-payment or deductable?.

  • The complexity for a good user understandable interface for interacting with such settings. I just don't think that we're even close in the realm of computer/human interfaces to provide a generic mechanism that will allow a central server to have the knowledge and understanding to walk the average technologist through the process. less alone my mother.
  • There are a lot of privacy considerations around a centralized authorization entity (much more so than a centralized identity entity). This one entity will not only control all of my authorizations, but will also have the knowledge of what authorizations I have made. In the early days of the Liberty Alliance work, much thought and energy went into minimizing the knowledge of central parties -- that's why we have segregated service instances into groups of related data (rather than one know-all service provider), that's why we don't have the IdP involved in every message from a Web Service Consumer (WSC) to a Web Service Provider (WSP)(yes, through the Discovery Service (DS), the IdP can know that WSC wanted to talk to a particular WSP, but whether or not they spoke and what they spoke about is not visible to the DS nor the IdP.
  • Doing authorization remotely can have a significant negative performance impact. This comes from the messages necessary to obtain the Authorization information, the caching of said information (without some form of caching, you're really in the dog house of performance) and the parsing of said information on each access. An internal authorization solution can be optimized for the resources being accessed and even tied to said resources within the internal database of the application. Such tight coupling is very hard to do, if not impossible, when receiving authorization statements from remote parties.

Shekhar also pointed out the "Authorization Push" model which has the same issues plus the issue of somehow figuring out at push time, the policies that the recipient will be interested in. I tend to favor push models when the information necessary at the recipient is easily known in advance. With complex authorization policies, the only way to support push would be to push the entire policy -- something that can be very expensive from a bandwidth and processing overhead point of view.

Another problem with the push model is that it assumes a single identity in the interaction. However, when I go to access Paul's photo service, its his service that needs to get the authorizations from his authorization pool, not from mine. I don't think push works in that environment

I'm not normally the pessimist... I just think that in this case, a distributed authorization model is a much better solution. Tight, application specific authorizations (such as "can James add a comment to this article on my blog") are kept with the resources being authorized. Loose, granular, cross-application authorizations (such as "can James see my blog") are more suitable for some level of centralization.

Tags : / / / / / / /

Gift Cards or Cash... that is the question?

I was out Christmas shopping with my wife over the weekend and she was looking for a gift for our kids' teachers. For some, she selected a Barns & Noble gift cards and for others she selected Starbucks gift cards (mostly based on what stores she thought would be close).

My first thought is why not just give cash. Cash is definitely much more portable in that you can use it anywhere. Cash also retains its value forever (many gift cards start to lose value after 6 months to a year). And, Cash usually isn't misplaced in a drawer somewhere -- the recipient usually just puts it directly into their wallet/pocket.

But, there seems to be a negative aura around giving cash. Like the giver has put more thought into the present by selecting a store wherein the recipient is restricted for any purchases. Somehow the fact that the giver likely spent time waiting in line (and getting the people behind her to grumble when the cashier took so long figuring out how to charge up the gift card).

But this negative aura isn't everywhere. For weddings, it's usually fine to give cash. But for birthdays and especially for Christmas (or other holidays) there seems to be a some social drive to not give cash.

For me, you can feel free to just give me cash for any celebration. I'll never look down at receiving cash. In fact, I'd say it's preferred in many cases as nobody else can figure out the things I really need like I can :-).

Not that I'd look down at receiving a gadget either.

Tags : / / / / /

Saturday, December 16, 2006

Almost free software...... NOT!

Over the past few days I've received a rash of offers for unbelievable pricing on various products including Microsoft Office, Vista, Adobe Acrobat, etc..

Clearly this is another SCAM attempt to rip off the user that you need to be very careful to NOT succumb to.

The mail has two basic subject lines:

At Dylan's webshop get 0ffice 2OO7, Acrobat 8 pro & ms-vista under 8O
ACR0BAT 8 PR0 & 0FFICE 2OO7 $79 N0W at Jingbai's WebShop

Although the name changes with every spam (Dylan, Karl, Gary, etc.) and looks like the following (note that I purposely broke the links so that they were not easily clickable -- no need to advertise for them):

All Titles 0n S@le.

Micr0s0ft Vlsta 2OO7     $79 
Micr0s0ft 0ffice 2OO7    $79 
Ad0be Acr0bat 8 PR0   $79 
Wind0ws XP PR0 +SP2   $49 
Ad0be Premiere 2.O   $59 
Macr0media Studi0 8  $99 
Micr0s0ft Money 2OO7     $39 
Aut0desk Aut0cad 2OO7   $129 
C0rel Grafix Suite X3   $59 
Ad0be Creative Suite CS2 $149
Ad0be Illustrat0r CS2  $59 

http  ://

See more:Micr0s0ft-Mac soft-Ad0be 

Micr0s0ft Vlsta 2OO7
Normal Price:  $399.00
0ur 0ffer:  $79.95
U-save:  $319.95 (75%)
Availability: Pay-and-download instantly.

http  ://

SalesRank: #1
Average Customer Review: *****
(based on 60465 reviews)

Micr0s0ft 0ffice 2OO7 Enterprise
Normal Price:  $899.00
0ur 0ffer:  $79.95
U-save:  $819.95 (89%)
Availability: Pay-and-download instantly.

http  ://

SalesRank: #2
Average Customer Review: *****
(based on 48341 reviews)

Ad0be Acr0bat 8.O PR0
Normal Price:  $449.00
0ur 0ffer:  $79.95
U-save:  $369.05 (80%)
Availability: Available for INSTANT-download.

http ://

Topten-ranked item.
Average Customer Review: *****
(based on 51489 reviews)

Macr0media Studi0 8
Normal Price:  $999.00
0ur 0ffer:  $99.95
U-save:  $899.05 (90%)
Availability: Can be downloaded-INSTANTLY.

http ://

Best choice for professional.
Average Customer Review: *****
(based on 52823 reviews)

rdist-1.3alpha rdist-1.3a     no strings like `alpha' allowed
o   Each nx= entry matches another gettytab capability name
  add 0 0 HISADDR
dispense with making the cua* devices.
 finished with bus, it de-asserts the DRQ line, and the DMA
editing the file /etc/host.conf. Do not call this file /etc/hosts.conf

I base my claim that this is a SCAM on the following factors:

  • TANSTAAFL - There Ain't No Such Thing As A Free Lunch -- the prices are just too good to be true.
  • The names of the products are all changed slightly (zeros for an O, mixed casing, etc.).
  • The products are only available via download -- these vendors frequently do not sell their products via download.
  • I checked the domain registration (using Network Solutions Whois server at
    PacNames WHOIS Server Version 1.1.0
       Domain name: TUHLOEM.COM
       Registrar: PacNames
       Referral URL:
       Domain Registrant: (Private Contact) (
          Shielded Whois
          Shielded WHOIS
          PO Box 2076
          Arvada CO 80001
          Telephone: +1.5016348793
       Administrative, Technical Contact: (Private Contact) 
          Shielded Whois
          Shielded WHOIS
          PO Box 2076
          Arvada CO 80001
          Telephone: +1.5016348793
       Name Server: NS1.SRUL5.COM
       Name Server: NS2.SRUL5.COM
       Domain creaton date: 2006-12-15 18:22:36.0
       Domain expiration date: 2007-12-15 23:38:37.0
    This has several issues for me including:
    • It was only registered a few days ago (12/15/2006) - definitely a sign that they haven't been in business long -- something that should raise red flags.
    • The domain registrant used a shielded registration (where their actual name and address is hidden) -- something that's OK for an individual to use, but never used by a legitimate business.
  • I have received more then 30 different versions of this email in the past week all from different senders with a variety of domains in the link including:

    Yes, all of those domains have been seen on different versions of the same email.

  • The email had a bunch of anti-spam filter stuff in it to get it by spam filters. Legitimate emails typically do not go to such extents. This includes, slight changes in the names of the products in different emails, a bunch of junk at the end of each message that was random garbage designed to foil anti-spam filters.

This feels like the same SCAM that I wrote about in Vacation Photos, but I have no evidence to tie the two SCAMs together other than my gut feeling.

This is a mail that should be ignored and deleted as soon as you get it. Ordering something from their site is the equivalent to having some guy walk up to you on the street asking for your credit card information for a fake rolex watch hanging inside his pocket. None of us would do that (at least I hope we wouldn't) and none of us should follow through on this SCAM either.

If you do/did fall for this offer, at the very best, you most likely get illegal software that you have no rights to use. At the worst, your identity is stolen and you spend several months trying to repair your credit history. I don't know which they are trying to do, but I'm pretty sure it's not something good for you.

UPDATE: 12/20/06 I've been getting a spate of these advertisements for Windows Vista for the same $79 price:

The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000)
Windows Vista Ultimate Upgrade (DVD-ROM)
Retail Price $399.00
Our Price $79.95
You save $319.05
Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.

If you go to, you see what looks like a detailed page on Windows Vista. If you lookup in the WhoIs database, it looks like it's owned by a "gwynne bontempo" in New Jersey. However, if you look at the link in the add-to-cart button, you see it brings you to which is owned by our old friend "Alex Rodrigez" of Vacation Photos fame and, in my eyes, clearly linking all these scam emails together.

I recommend you stay way from these guys. A deal that sounds too good to be true is too good to be true, especially if coming from someone trying that hard to hide their tracks.

Tags : / / / / / / /

Friday, December 15, 2006

Federated Authorization

Last week, James McGovern posted comments on a number of blogs trying to stir up some conversation around the concept of federated authorization. There were several responses including one from Pat, Paul, Pat again, Gerald, and myself.

The comment was simply:

Does Federated Identity sometimes require Federated Authorization? Would be a great topic for your next blog entry...

A seemingly simple question. James followed up with his own post making it look like we were responding to some article he wrote on his blog and claiming he already new the answer to that question, but what he really meant was:

The perspective that I was actually seeking wasn't the architecture viewpoint but more of why industry thought leaders aren't talking about authorization and the over-abuse of the term identity management as a catch-all term and how these two problem spaces should become coupled in terms of the conversation.

I'm not sure how anybody could have gotten that out of the question above.

In any case, I think there are problems with the basic premise of federated authorization. If you look closely at the various posts in regards to this question, they all talk about how you can do remote or delegated authorization. This is typically done in a model where an enterprise or service company will have some central authorization service that maintains the set of rights that their customers have.

This isn't a federated solution in that the decision as to the rights afforded the user is not delegated to a foreign entity. Even in the shibboleth model, where a student at university A is granted access to a resource at university B, the authorization decision is made by university B (yes, it's based upon the federated data that the student is a student at university A, but the authorization decision is made by university B).

I think that is a common model and I don't see companies giving up the rights to authorization to foreign entities.

That said, I do see the value and benefit of having support for an remote authorization service, especially in an environment where there are many customers with many different levels of authorization at many service endpoints. The diagram below is from a presentation I made in October of 2005 at a Liberty Alliance workshop in Tokyo, Japan.

The issues around setting this model up are non-trivial. Essentially you need to be able to, on a service-by-service basis, define a set of knobs controlling access rights to each service and the valid range for those knobs (for example, an internet radio service might have knobs controlling the number of stations that are available to the user, the quality of those stations, and the number of endpoints from which they may listen simultaneously).

This type of model allows separation of the package definition (a sales/marketing issue) from the implementation of the service access (a development issue). The sales team can change packages fairly easily without impacting the development team (unless, of course, they need a new knob). This does put a lot of onus on the design of the knobs such that they allow the sales team to develop the appropriate service packages, but it's a big win when done correctly.

In an enterprise, this solution will present the same set of issues that come up with any RBAC implementation - the multitude of roles that need to be managed and the individual approvals necessary to allow the addition of access rights to a particular service within the enterprise. I think it's still doable with the knobs/settings paradigm, but given the "need to know" controls necessary for the privacy of employees and the protection of corporate trade secrets, the result is a vast multitude of yes/no knobs.

Tags : / / / / / / /

Wednesday, December 13, 2006

Merry Christmass

A geeky Christmas Card from a colleague at Intel.

Happy holidays to all!

Tags :

Tuesday, December 12, 2006

Crystal Blue Persuasion

I'm glad Jeff doesn't bring this along with him to our Liberty Alliance meetings. I might not survive...

Tags : / /

Monday, December 11, 2006


Today's USA Today (yeah, I read it and prefer it when I'm on the road -- which is pretty much all the time) had an article about the "Gray Market" for electronics her in the USA. Essentially the retailers in the gray market, purchase electronics in other countries where they are cheaper and then re-sell them in the USofA at a lower price than the normal retail products.

Vendors, such as Nikon, don't like this and fight it, primarily by refusing to perform warranty repairs (and some refuse to provide *any* repairs)

I tend to always buy electronics with USA warranties. The prices for the gray market equivalents at reputable vendors don't justify the lack of warranty. Even at one of the most reputable camera dealers, B&H Photo, where they typically price both gray and USA market versions of the same product, I've always picked the USA product.

I find it quite hypocritical that these same companies feel it is their right to shop around the world for cheap labor for their manufacturing while they try to prohibit their consumers from doing the same.

I think it would be interesting if any vendor that used a global labor force had to live by a global pricing model (and therefore, support warranties on even gray market materials).

Tags : / / / / /

Sunday, December 10, 2006

Collections #2...

In my ongoing task to educate the less fortunate as to the world of Harley Davidson (and how H-D is able to make lots of $$ even when they aren't selling me a bike -- as I like the one I have just fine), here's my latest addition to my shirt collection:

This is, of course, one of the better type of dealer-logos, especially for an Irishman like myself. Even better, the bike in the logo is a red Road King Classic - the exact bike that I own.

The shirt (not the bike) was purchased at O'Toole's H-D up in Wurtsboro, NY (when I was up in NY visiting my parents for Thanksgiving a couple of weeks ago).

I'll continue to post new logos as I add to my collection :-).

Tags : / / / / /

Gadget of the Week #5

The advent of the Universal Serial Bus (USB) was a lifesaver for many of us -- not because it is this great communications interface that replaced serial and parallel ports and enabled those wonderful hot-pluggable disk/flash drives, but because it provides a good power source to recharge the myriad of portable electronics that we seem to be carrying nowadays.

This week's gadget is a retractable USB adapter system from Gomadic which allows a single retractable USB cable to power all of my portable electronics through the use of swappable tips.

This sure beats my old system of different retractable cables for each device, although I think life would be much simpler for me as a user if they had standardized on the mini-USB connector to connect to the retractable cable, but I guess that would have made their plugs compatible with other cables.

As you can see, I've already gotten the connector for my new 4GB Clix so I don't have to carry around the proprietary IRiver cable (which wasn't even retractable).

One thing that was surprising was that there were no tips for Nokia devices. Not sure why as I have other USB based cable systems for charging Nokia phones. Seems like an interesting choice of vendor to not support.

Tags : / / / / / /

Saturday, December 09, 2006

Is it the Cahill Blood?

My wife is sure it is. I'm not sure I can argue with her and I'm pretty sure most of the people that know us would agree -- especially if they've met my father as well.

This morning my wife, who teaches 7th grade math, was talking about a particularly hard test that she had given in her class and my daughter, Jessica, who is taking Algebra this year, perked up and said, "hey, do you have a copy of the test that I can take?".

Yes, my 7th grade daughter was asking to take a math test for a class that she wasn't in on a Saturday morning. I'm thinking that she wanted to show that the test wasn't all that hard :-).

Of course, my wife obliges her and prints out the test and Jessica digs in.

Later, Jessica's twin sister Lauren comes down and, after starting some cinnamon buns in the oven, had to jump in and get her own copy (I'm sure that she too wanted to prove how smart she was as she's taking algebra as well :-)).

And even later, after I went up and drug him out of bed so that he could take care of the dog, their older brother, CJ, comes down. CJ's a bit of a math whiz, taking multi-variable calculus in his sophomore year of high school, and seeing that his sisters weren't zooming through the test had to get a copy for himself.

Of course, after looking at it for a few minutes he had to ask my wife "Hey, what's this dot thing doing here", to which she replies "it's the multiplication symbol" and his response was "no it isn't, that's the dot product" (a concept that isn't introduced till much later in math).

I just find it quite interesting that all 3 of them found it interesting enough to take a math test for a class that they weren't in on a Saturday morning. Definately an interesting household!

Tags : / / / /

Pat asked for it

Well, Pat asked for it, so here it is: Pat Patterson and John Kemp with a Whole Lotta Love at the Internet Identity Workshop 2006B (sorry, no subtitling with this one):

That's the last of my videos from the conference (which I'm sure many of you are happy about).

I do want to point out that both this video and the frightening one were filmed using one of my former gadgets of the week: a Canon Powershot SD800IS (although Pat was the one who filmed the Frightening one as I was up on the stage then). It performed quite well given the bad lighting. Still very happy with that gadget and I've convinced several fellow travelers to buy one.

Tags : / / / /

Federated Identity and Federated Authorization

I guess James McGovern got his wish via his multi-posted this comment across a number of blogs (Paul, Pat and Eve's in addition to mine):

Does Federated Identity sometimes require Federated Authorization? Would be a great topic for your next blog entry...

At first I had thought I was the only such person (that I was special in some way) and I had started working on an article around this subject, but alas that wasn't the case - this was just a SPAM comment sent out in a shotgun approach probably to even more people than I mentioned above. However, it did raise an interesting question.

Pat first responded with a nice summary of two models for authorization.

Paul later responded with a nice article talking about the P*P entities (although I had thought it was XACML that had popularized the P*P, not SAML).

While I like both of their answers and don't disagree with their content, neither of them explicitly answered the question (I think they did implicitly, but not explicitly).

So, I'll jump in there and say that the short answer to the question posed is "No". Federated identity never requires Federated Authorization. A resource owner may require remote policy decisions (which is what I would call federated authorization and fits into Pat's 2nd model) or they may simply require federated attributes (sometimes just an identity handle for the user). It's all an implementation decision for the owner of the resource that's being accessed.

That said, I would say that the reverse is true: Federated authorization does require some level of federated identity (the authorization statement is a piece of identity that is passing across to the relying party).

Tags : / / / /

Friday, December 08, 2006

Very Very Frightening Indeed!

As I promised, here is the video (with subtitles) of our Bohemian Identity performance at the Internet Identity Workshop 2006B.


Tags : / /

Trust and OpenID

Over the past few days at the Internet Identity Workshop 2006B, a common theme that has been discussed is trust and especially the lack thereof between a Relying Party (RP) and the OpenID Provider (OP).

Dick Hardt's position is that the trust is between the RP and the user and the user and the OP -- not between the RP and the OP. It is up to the user to pick a trustworthy OP.

The problem with this position is that it is fine for valueless transactions (like identifying a user entering a comment on a blog) but very wrong for an RP that has resources that it needs to protect. Such resources include things like bank accounts, merchandise (ecommerce), or even just data that needs privacy protections such as my contact info, or my address book, etc.

The reason why trust must exist between the RP and the OP in such cases is that the RP MUST protect the resource from a malicious user who is trying to get to some other user's data. So the RP has to do things with the OP to ensure that the OP isn't confirming an identity for another user (and therefore the RP has some level of trust that the OP is confirming identities for users in its own world).

So it's not that the RP MUST trust the OP in the case where everything is as it should be (the case where it is the right user using the right OP to get to their own data at the RP), but that the RP MUST TRUST that the OP is not enabling the malicious user.

In order to enable such trust, OpenID will end up having to replicate much of the protocol protections that currently exist within Liberty ID-FF and SAML. My opinion is, of course, that rather than replicating things yet again, profile them.

Tags : / / / / / / / /

Wednesday, December 06, 2006

Very Very Frightening

Last night, a group of us here at the Internet Identity Workshop 2006B (the more adventurous, or, perhaps, the ones who had gotten and used some extra drink tickets from Phil) got up and sang (not sure if you can really call it singing for anyone but Eve, but at least that's what we thought we were doing). The song was a new composition written with Identity in mind and sung to the tune of Queen's Bohemian Rhapsody.

Eve posted the lyrics for the new composition whose authors include Eve Maler, Laurie Rae, Peter Tapling, Derek Fluker, Bill Johnson, and Wes Kussmaul.

I've got some video of this "interesting" experience (I was up there "singing" so I can't claim any credit for the quality (or lack thereof) of the video -- talk to Pat about that) and plan to upload it, but at 700MB it's too large to upload onto YouTube (even reduced to 320x240 and compressed with MPEG2 and with DivX the video was still close to 300MB), so I need to do some editing at home before I can post it.

I'll let you know when it's posted (probably in parts).

Tags : / / / / /

Monday, December 04, 2006

Identity Triangle

Today, at the first day of the Internet Identity Workshop 2006B, Kaliya included a diagram of the identity landscape in her presentation. Later, Johannes wrote that this was an older diagram and posted his own updated image:

I have a number of issues with this diagram, including:

  • The diagram uses a fairly small feature of the different technologies to classify them: IdP Discovery. URL based Identities for OpenID is just the portion of OpenID where the Relying Party discovers the Identity Provider for the user. Card Based Identities for Cardspace does a similar thing (although MS also adds data in the card).
  • I have no clue what it means for SAML/Liberty to be "invisible" in this diagram. Having been involved in Liberty since its founding and in SAML during the 2.0 process, the discussions of IdP Discovery always revolved around 3 methods:
    • User specifies the IdP, either directly (like typing in a URL) or by selecting an Icon on the SP's login web-page. This is similar to the model used by OpenID.
    • The user's client has the capability of directing the request to the appropriate IdP following a local interaction in the user (the LECP profile in ID-FF and the ECP profile in SAML) - this is similar to the model used in Cardspace
    • A common-domain cookie is used to store the list of recently used IdPs and the RP uses this information as a hint for finding the IdP.

    ALL 3 of these are fully supported by both SAML and by Liberty ID-FF.

  • If "Primary Adoption Vector" is meant to indicate how the various technologies are being adopted, the statement that Liberty/SAML adoption is driven by "internal IT needs for the enterprise" is wrong. Yes there has been a lot of IT adoption, but that has mostly been for identity federation to external providers rather than internal enterprise work. In addition, the vast majority of identities that have been rolled out (on the order of one billion) have been user facing identities. Take a look at the Adoption pages at Liberty's web site for more detailed information.
  • The "user-centric" ellipse around OpenID and Cardspace is misleading. The protocols for OpenID, Cardspace and Liberty all support user-centric implementations equally well. The ellipse, if there really should be a circle around all 3 of them (which probably makes it useless for this diagram).

To me, a better set of vectors to examine should be along the lines of privacy, security, anonymity, etc. -- the real measures of how acceptable an identity system will be both to businesses and to consumers.

Tags : / / / / / / /

Friday, December 01, 2006

Gadget Of The Week #4

This week, I bring you the new, hot off the press Iriver Clix 4GB (the one on top in the picture below) - an update to the Iriver Clix 2GB (the one on the bottom).

This upgrade doubles the storage space and adds a black matte finish (vs the shiny white finish of the original). The extra space is well worth it, doubling the song capacity to close to 2,000 64Kbs WMA encoded songs.

Iriver has taken a page from the Apple notebook and put together some refined packaging:

I love this thing and had fit close to 1,000 songs on the 2GB version, but was running out of room to the point where I had to be more selective about which songs to put on there. Now, I don't have this worry any more.

I've used the old Clix for about a year, flying all over the world including some fairly crazy trips and really like it... It's tiny, light, has a pretty long lasting battery (I tend to get around 10 to 12 hours vs the rated 25 hours, but that may be because I'm using WMA files vs MP3) and the sound is great. My Clix and my Bose Quietcomfort Headset put me into my own quiet, music filled world while flying.

Tags : / / / / / / /

Thursday, November 30, 2006

My Personal Best Panoramic Picture

In fact, I should just call it my best picture ever:

This was taken back in 2001 on the coast of Ireland outside of belaha with a Canon EOS D30 (yes, the 3MP D30 as opposed to the current 8.2MP 30D). At the time, I had no clue about proper panoramic photography. I just happened to be standing along the western coast of Ireland about half way between Doonbeg and KilKee:

And the scenery looked so nice that I decided to take a series of pictures with the potential of patching them together. I didn't do any of the standard things one would do for a panoramic -- just held the camera and took a series of 9 individual shots (the original shots start here) that overlapped a bit.

This just happened to be a very lucky picture, taken on a great day with a great subject (the Ireland countryside). I've tried several times to do this again in different areas, but have never gotten one as good as this.

I printed it at EZprints (an approximately 9 foot long x 12 inches tall panoramic photograph). They did a great job. One of the prints is hanging in Igoe's Pub in Doonbeg (County Claire, Ireland). Another print is hanging in my office at Intel (I had to split it into two sections to get it to fit into my cube -- but then it gives it more of a panoramic feel sitting in the corner like that):

Tags : / / / / / / /