comments on directory services
 Tuesday, February 04, 2003

AUTHenticated Sending

Jeremy Zawodny and some other yahooligans were discussing a bit of a change to the guy shuffling your mail about the network:
One of the ideas tossed about was to implement a system that would make it easy for any MTA (Mail Transfer Agent--the programs that deliver e-mail on the Internet) to verify that a message that claims to be from really is from a user.

Any MTA? Or the MTA at Yahoo?

This basically entails linking the MTA to the directory so that the contents of the RFC 821 MAIL FROM: envelope header are confirmed to be valid, deliverable addresses. This is distinctly different from confirming that the MAIL FROM: belongs to the sender, which is one of the things the SMTP Authentication extension attempts to do — assuming that the entity with the ability to authenticate to the MTA is also the entity whose address is in the MAIL FROM: header. However, confirming that the sender's address is valid, even for one's own domains, exposes another problem — automated scanning of the directory — while not effectively eliminating the problem of fraudulent senders.

Say someone would like to deliver mail to, but wishes to not use their own address. They would merely need to use an address, not the same as the recipient address, as the sender. Authentication would work to ensure that the sending entity has at least some passing relation to whom the mail says it is from, but with a free mail service there's no barrier to establishing disposable accounts for spamming purposes.

Now, the directory scanning would be made possible by collecting responses to addresses given as possible MAIL FROM:s. This is slightly more efficient than collecting non-delivery notifications resulting from a spam.

On the other hand, we do want valid addresses, rather than fraudulent, invalid ones.
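The directory scanning described above leaves a recognizable trail in the MTA's own log: one client offering many different local MAIL FROM: addresses that the directory does not know. The following is an added example, not code from any MTA or from the discussion quoted here; the log format, the `verify=` field and the thresholds are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (not any real MTA's):
#   <ISO time> client=<ip> MAIL FROM:<addr> verify=<ok|unknown>
SAMPLE_LOG = """\
2003-02-04T11:00:01 client=192.0.2.10 MAIL FROM:<alice@example.com> verify=ok
2003-02-04T11:00:02 client=198.51.100.7 MAIL FROM:<aaron@example.com> verify=unknown
2003-02-04T11:00:03 client=198.51.100.7 MAIL FROM:<abby@example.com> verify=unknown
2003-02-04T11:00:04 client=198.51.100.7 MAIL FROM:<adam@example.com> verify=ok
2003-02-04T11:00:05 client=198.51.100.7 MAIL FROM:<adele@example.com> verify=unknown
2003-02-04T11:00:30 client=192.0.2.10 MAIL FROM:<bob@example.com> verify=unknown
2003-02-04T11:01:00 client=203.0.113.5 MAIL FROM:<x@other.example> verify=unknown
2003-02-04T11:05:00 client=198.51.100.7 MAIL FROM:<agnes@example.com> verify=unknown
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) MAIL FROM:<(?P<addr>[^>]*)> "
    r"verify=(?P<res>ok|unknown)$"
)

def find_sender_probes(log_text, local_domain, threshold=3,
                       window=timedelta(seconds=60)):
    """Map client IP -> distinct unknown local senders, for clients that had
    at least `threshold` distinct unknown local senders inside one window."""
    recent = defaultdict(deque)   # ip -> (time, addr) of recent unknown senders
    flagged = defaultdict(set)
    suffix = "@" + local_domain.lower()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["res"] != "unknown":
            continue
        addr = m["addr"].lower()
        if not addr.endswith(suffix):
            continue  # only lookups in our own directory reveal its contents
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, addr))
        while ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        distinct = {a for _, a in q}
        if len(distinct) >= threshold:
            flagged[m["ip"]] |= distinct
    return {ip: sorted(addrs) for ip, addrs in flagged.items()}

if __name__ == "__main__":
    for ip, addrs in find_sender_probes(SAMPLE_LOG, "example.com").items():
        print(ip, "probed", len(addrs), "unknown senders:", ", ".join(addrs))
```

A single mistyped sender from an otherwise normal client stays below the threshold, and unknown senders in other domains are ignored because they say nothing about the local directory.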

11:51:26 AM #
categories: Directories, Messaging

 Monday, December 23, 2002

Keeping Up With the Joneses

L. M. Orchard has released a Movable Type plug-in to allow the use of an LDAP directory for authenticating authors. This is an essential step in integrating Movable Type into an existing infrastructure. Duplication and attempted synchronization of authentication credentials and user information generally degrades the user experience and introduces errors. Supporting a common access protocol enables the introduction of new services while keeping the costs of deployment low.

2:37:27 PM #
categories: Directories, PWP, Writing Online

 Wednesday, October 30, 2002

A Simple Join

David Fletcher points out Maporama. I like this one. MapQuest used to provide the latitude and longitude for the point mapped, as part of the graphic, but stopped doing that. Maporama provides it, in text!

Paul Shane and I once discussed linking phone numbers to GPS information. Towns pay big bucks to do this for 911 implementations. Emergency services should be able to find their way to the emergency given just a phone number, if necessary. We were disappointed to find that while MapQuest provided latitude and longitude, and let you search by them, it did not provide a means to search by phone number. Nor do Maporama or Yahoo! Maps. What Google does is join the information in the telephone directory with the information in the geographic directory, mapping a phone number to a place, or a place to its phone number.

Can you imagine how joining these databases could change caller identification? Ignoring the unreliability of the Caller ID information for the moment, consider what you could do with CTI at home. Suppose your phone could speak to your computer, and you have a persistent Internet connection. A call comes in, carrying Caller ID data. Your system takes the data, maps the phone number to an address and a name, shows you where the call originated, checks your address book for more personal information, locates the web site related to the calling number, and the next thing you know you're watching the web cam of the little twit who thinks he's being funny by prank calling during dinner.

But then, that's a typical CTI fantasy.

9:18:11 AM #
categories: Directories, Industry

 Friday, October 25, 2002

Google Directory

David Weinberger [via sysrick] pointed out Google's phonebook. In combination with street maps, they can take a phone number, or a combination of attributes, and show you where someone lives — or at least what phone number is associated with which premises — if the number is listed. Maps are provided indirectly by Yahoo! Maps and MapQuest. (Google constructs the appropriate URI for finding that location on the map while you rest.)

What remains is for Google to relate "+will cox" to "william cox" and other variations of my name, and tie my domain to the telephone and map directory. The data is already there, though I could help Google along by providing a bit of text in the sidebar. Thus the tangible and virtual worlds join.

(Meanwhile, Google Cooking is helpful for those last minute refrigerator cleaning sessions.)

9:36:45 AM #
categories: Directories

 Tuesday, July 23, 2002

Hey, Larry, go take a flying ....

The federal government will not have the authority to nationalize drivers' licenses and other ID cards. Authority to design and issue these cards shall remain with the states. The use of biometric identifiers and Social Security numbers with these cards is not consistent with a free society.
Summary: The Chairman's Mark for a Bill Establishing a Department of Homeland Security, July 18, 2002

Mr. Ellison has an absolute trust in his database management system's ability to properly manage data. But, Larry, I've got news for you: the DBMS is only as good as the data. I've been on enough database and directory integration projects to know that there is no authoritative data source. You want to take data from organizations that have trouble distinguishing between persons from two different generations who have the same name, but different birth dates and different Social Security numbers? And you want to merge this data into an authoritative source?

Yeah. Right. Next thing you know, you'll be arrested for impersonating the Shogun, or lobotomized for a typographical error.

5:19:47 PM #
categories: Directories, Identity, Law

 Thursday, April 25, 2002

We have met the Enemy, and he is .US

icann.Blog is doing an excellent job of following the .us top-level domain sell-out.

NeuStar's plans, if you could call them that, have struck me as having a fatal flaw from the beginning: the namespace is too small. There will be inevitable collisions at the top-level because registrations are allowed there, instead of being relegated to, or, more appropriately, considering the sites I've seen today, at Take, for example, me. I'd like to have a short, memorable domain name using my last name. Cox Communications would probably like the exact same one.

It entered the WHOIS database just as I finished handing over my plastic. What a farce.

6:21:26 PM #
categories: Directories, Industry, System Administration

 Wednesday, February 27, 2002

This price list for membership in the Liberty Alliance is disturbing, particularly having to pay at least US$1000 for access to the specification. It limits how "open" the service will be.

11:51:22 AM #
categories: Directories, Identity, Security