RBAC Whitepaper Posted

§ February 16th, 2007 § Filed under Identity § 1 Comment

I’ve authored a whitepaper titled Smart Implementation of Role-Based Access Control now posted on the Novell Consulting web page.  Here’s the blurb I provided to the web team:

Role-Based Access Control (RBAC) is an identity-based approach to provisioning and access control that can improve security and compliance, while at the same time reducing IT costs.  Achieving these benefits, however, takes more than technology — it takes new business processes and a new way of thinking about access rights.  Based on Novell Consulting’s experience implementing RBAC with our clients, this whitepaper describes our best practice approach to RBAC.

I understand that vendor whitepapers are a dime a dozen, but I really put some effort into creating some compelling content for anyone looking at implementing RBAC.  Unlike so much that’s written these days on the topic, it’s based on real-world experience.  But, you be the judge.
I also have a second whitepaper in the pipeline dealing with another of my areas of consulting experience: the economics of open source.  Stay tuned.

GPLv3 and the Marginalization of the FSF

§ February 12th, 2007 § Filed under Open Source § Comments Off

Steven J. Vaughan-Nichols posted an essay by Bill Weinberg in which he asked “Will GPLv3 energize Free Software, or Marginalize the FSF?” Good question, and for a long time I’ve been thinking it’s the latter. Weinberg describes his past work at the OSDL and his interactions with the FSF:

At OSDL (now the Linux Foundation), we used to perform “gap analysis” to compare Linux to legacy and to find where Linux was wanting, feature and function-wise and to capture barriers to adoption. The elephant in the room, the unmentionable and greatest barrier always ended up being, well, licensing. Certainly the multiplicity of OSI-recognized licenses got the lawyers going, but for sheer legal consternation, no, constipation, nothing ever beat the GNU General Public License. Even back at MontaVista I spent more time than I care to recall presenting, writing, soothing, cajoling and otherwise convincing OEMs that inclusion of GPL (v2) software in their products would not end civilization as they knew it. That it would not gift their closely-held intellectual property to the first hacker or cracker that came along, let alone to their competitors.

I actually had the audacity to describe this situation to the Free Software Foundation. Their response (circa 2003) crystallized the whole question for me. “This not a popularity contest,” opined the FSF director at the time, “This is about Freedom”.

As I’ve repeatedly opined, the FSF is trying to achieve a complete upheaval in our IP laws, but is doing so outside of the political process, which is how laws are ultimately made and changed. In an ironic twist, they are trying to use their IP rights to keep others from exercising their IP rights, all in the name of freedom. The recent brouhaha in which the FSF was incorrectly reported to be considering banning Novell from selling GNU is notable not only for its sloppy reporting, but also because so many people were willing to believe it was true (me included).

So how is all this going to turn out? According to Bill Weinberg, like this:

The Linux kernel will remain GPLv2. Some amount of user space software, especially GNU projectware, will move to GPLv3 with no great impact on broader adoption except that that code will get left out of commercial deployments (e.g., on consumer products and phones) to sidestep GPLv3. If the same strictures impact LGPLv3 in its final form, then key libraries like glibc will fork along license lines or already-waiting substitutes will be inserted in their places.

Adoption will trump a narrow view of Freedom. The FSF role will shrink to marginal proportions, and GPLv3 will become, sadly, just another license.

Too bad for GNU and the FSF, but a good thing for the global adoption of Linux as a public good, an open and universally accepted piece of infrastructure fueling the digital age. AKA freedom.

Update: Sun is considering dual-licensing Solaris under GPLv3 and its current license, apparently in an attempt to displace Linux as the kernel-of-choice for the FSF crowd.  This doesn’t change Weinberg’s assessment above: “the FSF role will shrink to marginal proportions”, but it does say something about Sun’s view of Solaris’ future.

OpenID and Microsoft, BFFs*!

§ February 8th, 2007 § Filed under Identity, Open Source § Comments Off

Congratulations to all those in the OpenID world for Microsoft’s embrace of your efforts! It’s a great milestone not only for JanRain, Sxip, and Verisign, but also folks at NetMesh and SixApart not officially involved in the agreement.

It’s also a good deal for Microsoft, which is what seems to have gotten some hackles up. From Kim Cameron:

Here is Dick Hardt, CEO of SXIP, explaining our joint announcement on OpenID and CardSpace to people in the community who may worry that Starship Microsoft is about to land on OpenID and squish it.

This morning Microsoft announced they would support OpenID in future identity server products. Although this is a huge endorsement for OpenID, there will likely be many people that are fearful of what Microsoft’s involvement may do to OpenID.

[...]

I look forward to bridging the Microsoft and OpenID worlds today. The team at Microsoft get what we are doing in OpenID, and want to enable their technology to take advantage of the reach of OpenID, as well as enable the OpenID community to take advantage of CardSpace technology. This looks like a win-win for everybody.

[...]

Let me say something about potential squishing. It just won’t happen. One of the best things about OpenID is its organic quality, and the last thing we want to do is interfere with that.

Also via Kim, some commentary from Scott Kveton at JanRain:

There are a couple of points I’d like to make outside of the above announcement to hopefully address any concerns that the OpenID community might have:

  • JanRain will never require users of our libraries or services to use Windows CardSpace™. We offer support for this technology as another option for users much like using our Safe SignIn and Personal Icon technologies on MyOpenID.com. We’ll also continue to support the OpenID efforts going on with Mozilla and Firefox.
  • Windows CardSpace™ is shipping with Vista today and is a well thought-out technology that helps address many of the privacy and security concerns that people have had with OpenID. OpenID helps users describe their identity across many sites in a public fashion. The two together are very complementary products and each has its strength.
  • Microsoft did not cave in to the OpenID community and the OpenID community is giving nothing up to Microsoft. This is a collaboration on bringing the best technology to the marketplace as quickly as possible to help secure users and solve the single sign-on solution once and for all.
  • Please reserve judgment on what this all means until you see it all work together. The technology is really quite simple and the ramifications for end-users are huge. It also goes a very long way to completely addressing the phishing concerns we’ve heard so much about.

Why is it that any collaboration or cooperation with Microsoft is immediately greeted with suspicion, paranoia and a sense of betrayal? Well, actually, I know why, but is it still justified? My employer, Novell, is still getting hammered by those convinced we sold our corporate soul to the devil when we signed a deal with Microsoft. Matt Asay, who is otherwise a thoughtful commentator on all things open source, said at the time the deal was announced that “Novell got duped.” Daniel Lyons at Forbes said:

Microsoft has done this many times before, so often that Redmond has a name for the technique: embrace, extend and exterminate. And yet people keep doing these deals. Usually, it’s weak, struggling, desperate companies with declining market share and little hope of turning things around. In other words, just like Novell.

But the consensus among those of us within Novell working on the front lines post-Microsoft-deal is that it is unquestionably a good thing for Novell, our customers, and the open source community. And so I believe the assurances of those involved that the Microsoft-OpenID deal will turn out similarly.

Now, none of this is to say that there is a new reformed Microsoft today that only wants to share the love with the rest of the industry. But I think these deals reflect the fact that Microsoft is not omnipotent. Bottom-up community-driven efforts can reach a tipping point, where Microsoft needs the community as much as the community needs Microsoft. I think this is true of OpenID as well as Linux.

*“Best Friends Forever.”  In case you’re not a South Park fan, see here.