Slashdot Mirror
A Universal Roaming Profile?
Arnaud Sahuguet asks: "I have a cell-phone with my phone book, a PDA with my calendar info and my address book. I have my home desktop bookmarks, my work desktop bookmarks, my laptop bookmarks, my PDA bookmarks, etc.
They are all mine, but somehow they are not, because they live in
different networks (or on the same network but with different operators).Everybody keeps talking about convergence, but I don't see any
convergence on the user profile front (data that matters to me). Microsoft is pushing for .NET MyServices, Sun et al. are pushing for Liberty Alliance, Apple is pushing for .Mac. Is it the right way to go?" One of the large major issues surrounding such a system would be implementing it in a way where the user can control the flow of data: where it is stored, when a certain piece of data can be sent, and who is allowed to get it. Sounds like a fine idea to me, what do you all think?
Napster is (I should say was) a community of users willing to share MP3 music files, administered by a central server managing meta-data about users and files. I don't know what the exact goal was, but I can see it as a way to free ourselves from the music industry monopoly.
GUPster would be a community of network entities (e.g. servers at Yahoo!, server at SprintPCS, servers at my university, my home machine, etc.) willing to share standardized user profile components, administered conceptually by a central server managing meta-data about entities and components. The goal is to create synergies between network components in order to deploy value added services for the user. (Since I am working for the telecom industry, the goal is to make network operators happy by making end users happier.)
Just like in Napster, my user profile information will be distributed but the meta-data will be centralized (at least from a logical point of view) at the GUPster server. This way, I can decide that my credit card information will be stored at my bank, my calendar information on my Yahoo! account, my game scores on the Sony web site, etc. Network components storing my profile information will have to support the right set of interfaces and protocol and will register to the server the pieces of my profile they are storing.
Note: I will be the one deciding who stores what. Think of it as like moving to a new place. You can choose your electricity, gas, phone, cable and Internet providers.
Applications willing to access any of this information will talk to the GUPster server. And just like Napster, the server will not return data, but referrals (i.e. where this information can be found).
Unlike Napster, the central server will also enforce some access control policies defined by the user (let's call them my 'privacy shield'). If the request for user profile information is not OK (e.g. nobody can access my presence information after 9pm), the returned referral is empty.
Does it sound crazy?"
"As a user:
- would you be willing to have your personal profile information stored on the network?
- who would you trust? Your bank, your ISP, your cell phone provider, your company, the EFF, no one but you?
- what kind of guarantees would you require?
Napster is (I should say was) a community of users willing to share MP3 music files, administered by a central server managing meta-data about users and files. I don't know what the exact goal was, but I can see it as a way to free ourselves from the music industry monopoly.
GUPster would be a community of network entities (e.g. servers at Yahoo!, server at SprintPCS, servers at my university, my home machine, etc.) willing to share standardized user profile components, administered conceptually by a central server managing meta-data about entities and components. The goal is to create synergies between network components in order to deploy value added services for the user. (Since I am working for the telecom industry, the goal is to make network operators happy by making end users happier.)
Just like in Napster, my user profile information will be distributed but the meta-data will be centralized (at least from a logical point of view) at the GUPster server. This way, I can decide that my credit card information will be stored at my bank, my calendar information on my Yahoo! account, my game scores on the Sony web site, etc. Network components storing my profile information will have to support the right set of interfaces and protocol and will register to the server the pieces of my profile they are storing.
Note: I will be the one deciding who stores what. Think of it as like moving to a new place. You can choose your electricity, gas, phone, cable and Internet providers.
Applications willing to access any of this information will talk to the GUPster server. And just like Napster, the server will not return data, but referrals (i.e. where this information can be found).
Unlike Napster, the central server will also enforce some access control policies defined by the user (let's call them my 'privacy shield'). If the request for user profile information is not OK (e.g. nobody can access my presence information after 9pm), the returned referral is empty.
Does it sound crazy?"
Microsoft Passport?
*ducks*
Robots are everywhere, and they eat old people's medicine for fuel.
do you really think we want to trust someone else with that information? and if we did, would it be a commercial interest? I lied on my profiles from the time I got my first Hotmail acount more than half a decade ago. And I've seen more problems with companies having people's information than i care to count since then. So I don't see anyone with a background in information security or an idea of what goes on with that information, particularly those of us who are paranoid, as liking this concept one bit, regardless of who controls it.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I read through this serveral times, and it's still a little confusing, but here goes...
If you want only certain people to have access to your info, i say set up a service in which you have one user name and PW and, for a fee of course, that service would either forward the person that logs in into your own encrypted webspace, or host it themselves.
To not turn into MS Passport this would almost have to be a pay service to eliminate ads and the possibility of disclosure of info.
-=Errors always defy logic.=-
.. and it (theoretically) solves this problem by allowing you to put the data on the network, where anyone under the sun can access it, but only you can decrypt it.
Your PDA's and home computer and cellphone all have the decrypting key and they can make the data into something useful, like say, your contacts.
Of course, this means there would have to be a means to get this key onto all your devices, a standard for the data to be stored in so that it can be grokked post-decrypt..
To paraphrase Ratbert, I'm more of an idea AC.
what about when this profile gets accessed by someone else? someone is bound to figure out how to spoof usernames and get another user's profile, giving them full access to all your information! now doesnt that sound like fun? it takes identity theft to a new level when your entire identity is on a network.
"And perhaps, posterity will thank me for having shown it that the ancients did not know everything." -Pierre Fermat
With some storage space for any type of files that I want to push onto the server. I don't know if such a service is out there, but I'd use it is they were cheap enough.
have given all my personal information to Microsoft. Now I can go anywhere I want. If only I didn't hear the same voice in my head that tells me to stay away from penguins I would be happier.
hell I don't even trust my own bookmarks on my own computer.
Girlfriend: Bill, why do you have two more links listed under Porn?
Bill: Uhh, I have always had those, they are there just for laughs.
Girlfriend: Bill, what a bunch of crap.
Bill: Actually, they are full of great sites.
You are looking for something like XNS. There is a company called OneName in Seattle that is working on a solution to do exactly what you want.
How about just exporting everything to .txt and sending those files to HOTMAIL or another free web based email server. That way all your #s, people, things, etc are at your fingertips no matter where you are as long as you have access to the Internet.
Or if you lose your palm on a trip you could buy another at some store and update it nearly immediately.
Just a thought.
Yes, I'm an agent of Satan, but my duties are largely ceremonial.
Nobody here will trust the government to setup a universal ID card - why on earth would we want a full profile, ready and waiting to be hacked?
Even the idea of what you are suggesting (info on the Internet) scares the shit out of me.
Now, on the other hand, a profile based on a physical item (ie/ a cd, datacard, etc) might be a nice idea. Just plug it into your PDA, cell phone, laptop, pc, etc.
Of course, considering how much information about me is sent across the Internet, maybe it's time to just give up privacy.
If we have to do that, let's at least all go nudist. That might be a fair trade off then...
Robots are everywhere, and they eat old people's medicine for fuel.
yay,
i think it has something to do with this lunix thing i've been using. does it happen often? also my mouth feels kinda sticky
It's called my brain. Seriously though, I follow the philosophy of "A chain is only as strong as its weakest link." Distribution of resources (with no central access) limits the damage of a single weak link.
Of course, though, if I was interested in a central system, why not something implemented with a directory service (e-Directory or AD)? A nice little certification architecture for a multi-tiered privilege structure? I'd put my faith in NDS before a lot of the other products mentioned.
What is music when you despise all sound?
Without considerable redefinition of privacy and substantial limitations on business re-use of such: nobody but me.
I like the idea, as it is heirarchial, like DNS. The request for data goes to the "central servers" and from there it gets pointed to the server that acutally holds the data. Its a rather good idea, provided that the protocol is open ala DNS, and that the central servers are controlled not by one company, or group of companies, or even a company at all. It needs to be a non-profit that gets only strings free donations so that no entity wanting money can influence the decisions the group makes. So basically it will never happen ;)
A universal roaming profile? Isn't that what personal electronic devices (said: notebooks) are for?
... is an open source (preferably) suite that I can run on my PC at home, where I can decide the access controls, and have complete control privacy policy. Ok, so this requires a permanent connection, but that's becoming more and more available all the time.
I'm not all paranoid about privacy. I think that convenience is more important than any information people my glean from me ("He drinks PBR! We've got him now"). So, that being said, I think that so far, Yahoo does one of the best jobs of any kind of convergence. While it's not open, they've got enough services where you really can start to integrate. You can sync your Yahoo mail with any mail client, you can store your browser bookmarks there, files, notes, etc. You can get all of your Yahoo info already personalized in a Sprint phone. You can take care of scheduling with your Yahoo, your cell phone, or even text messaging to almost any device. It's not perfect, but it's the best I've seen. I'm even willing to buy some of their upgrades (premium mail, for example).
What you are looking for is a synchronization system (ie. SyncML). Passport and Liberty alliance only store authentication credentials and some basic profile info (ie. your contact info and optionally your credit card info for purchases.) SyncML.org has created an open standard for synchronization of PIM data so that you can have access to all of your contacts, appointments, tasks, bookmarks, etc from any devices or computers you sync with.
Look at:. openprivacy.org
http://oprivacy.sourceforge.net/
http://www
1) If people believe there is no Creator, then there is no absolute moral authority and so people are free to commit the types of atrocities that Communists (i.e., Stalin, Mao, Pol Pot, etc.) are historically guilty of.
2) Stalin and Mao together killed over 100 million people.
3) Vladimir Putin is committing aggressions against Chechnya and Georgia, even though those are now sovereign nations that are separate from the former USSR. Nations should not commit unprovoked aggression against other sovereign nations.
4) Freedom of speech must be preserved; Communism must be spoken against. Unfortunately Communist nations like USSR have cracked down on dissidents.
A co-worker and I just discussed this very thing yesterday! However, we defaulted to a hardware device that you would carry with you (quite possibly a PDA), then when you log into a machine, would have your preferences wirelessly available. Not just a desktop, but your cell phoen could wirelessly use teh address book for making calls, etc. I personally like the hardware solution best because then no one owns the cetral store of your personal data & preferences but you.
But, hardware or software, the only way this would be useful is if there was a standard for these major classes of data so multiple devices and applications could read, and in some case modify, the data. Your cell phone might not only want to use your existing numbers,but add a number when you receive a call from a never-before-seen number.
Who would make such standards? Surely Microsoft could give it a stab, and then extend it beyond usefulness. Maybe some of the existing standards are good enough, or could be extended (vCard, vCal, etc.).
Probably all just a pipe dream anyways.
I had to go shave my bed. I go kind of nuts when
I hear or read corporate buzzwords.
-Dirkr
Eat wet cement, get stoned.
with netscape 4.x (dunno about mozilla), you could store a roaming profile in an ldap db. then you could log in with navigator from wherever and instantly have your addressbook / bookmarks / preferences / mail settings magically load up. i have seen it work, and it was pretty sweet.
-BlueLines
--BlueLines "The cost of living hasn't affected it's popularity." -anonymous
There's no need for trust. Store my data on your server but store it encrypted. Only I have the decryption key. Everything I send to you and receive from you is encrypted. You are just providing the storage (and possibly I am paying you for this service).
Now, I don't need to trust you. I, of course, do have to trust my local machine and I have to trust the client I use to access my files. But I do not need to trust you.
Oceania has always been at war with Eastasia.
I think ppl should have an implant in their ass which would store all this profile information. Then each device would beam your ass asking for your profile and indentity, read it and display all your personal settings.
USB Keychain drives. 128MB, on a key chain. You can encrypt sensitive stuff, put programs on it, put your book marks, e-mail, etc on it, and it follows you wherever you go.
Why store it on someone else's network?
Now you have a single point of compromise for someone to gain access to you and all things that matter to you. Do you really want to do that?
Some people view crappy MS products as an insult, I view them as job security.
Ok this is what I wanna see.... Every computer, PDA, cellphone, laptop, etc have fingerprint scanners. You turn them on and w/ your fingerprint you login your profile is pulled from a secure server over the net. This contains your info and profile... This is info is held in ram on the computer in a secure way and email clients, web browsers, im clients, etc.. all have plugins to use this info. Anyone see a problem with this and why it could not be made possible in the future?
Not sure if this is really the same you are talking about (I'm having a sleepless night and haven't really taken the trouble to read your post), but I think the main issue with roaming profiles is lack of standards.
First of all there's the filesystem (how to actually get to the profile). NFS seems to be the UNIX standard, whereas Samba (AKA CIFS) is pushed by MicroSoft. Then there's the whole set of alternatives that claim to be better, but for the most part are in too early stage of development. Names that spring to mind are Coda, AFS, and Dav. And there's the standard Internet protocols HTTP and FTP. Or maybe just rsync will do the trick?
Secondly, there's the format of the data itself. So you have your contact list. It has names, email addresses, phone numbers, and whatnot. So what file format are they stored in? Palm? MicroSoft? Plain text? XML? MySQL?
Etc. etc. The nice thing about standards...
Please correct me if I got my facts wrong.
You start your post talking about Bookmarks, Phone Numbers, Calendar etc. This is information you want to access from anywhere. Real easy: agree standard XML formats, trusted authentication services, and security protocols. Whammo-bammo you can access your bookmarks from anywhere using pure XML and a password.
But then you start talking about banking and privacy and trusted companies. This is totally different, it's information you want others to access from anywhere; and the security model wouldn't be remotely similar. Which are you talking about?
Your GUPster idea is also fatally flawed because you're talking technology -- same thing as Microsoft and Sun and Apple. Talk standards and maybe you'll get somewhere. Anyone can come up with a technology to do this, but it's only in getting people to agree that you'll come up with anything decent.
...but I just carry a floppy disk around with a few text-files on it. A HTML bookmark page can be viewed on pretty much anything if you stick to HTML standards and don't use any dumb formatting.
:-)
I'm considering buying one of these. I'm a bit worried about the software requirements, though ("Requires Windows 98, ME 2000, Mac OS 8.6 or greater"; I guess my Linux box is greater...). They look like a nifty way to carry my stuff around with me. Until I lose it
--Jon
Cleanstick.org: Dumb weblog about nothing
Bookmarksync will take care of your bookmarks for Winboxen. You can use it to access bookmarks from work via web, add bookmarks from work via web, download your bookmarks locally to any computer, and sync bookmarks between Netscape v4.x to IE. Its not free, but it works.
JOhn
Campaign for Liberty
I would suggest looking closer at the Liberty Alliance Project. Most of the comments on this topic so far have expressed disaproval of Passport and projects like it. The Liberty Alliance Project is not like that in any respect. It is a set of rules and XML Schema that basically create a situation, for the purposes of authentication only, no user info is passed between sites, making universal signon easy and safer.-Ryan
Ryan Singer
I just email a copy of handy documents, files, etc to my web email account.
.emacs configuration file? Got that too.
When it changes, I email myself a new copy, and delete the old one. That way I can access it from anywhere with a net connection. Phone list? Got it. List of family birthdays? Yep. My
Of course this only works for small files, and so long as no one knows that I do this, and no one finds a way to hack into my web email account.
Hmmmm I just might need to post this one anonymously.
Why are you dating a girlfriend who doesn't like porn?
Finding God in a Dog
Take a look. This is the first of open standards to control information about yourself.
May we never see th
A better solution than storing it on someone else's server would be to make the interface synchronizable between platforms.
I'd keep a copy on my work desktop. I'd sync my home PC and my work PC over the internet (using VPN or SSL, of course.) I'd HotSync it to my PalmOS device. My Palm could Bluetooth it to my phone. My phone could GPRS it to my car's phone. My wife could sync the "Family" category on her Palm to the "Family" category on my Visor.
PalmOS does this sort of thing now with the HotSync program, but only in the limited "Handheld -- Palm Desktop -- Outlook" chain. With a robust protocol (almost certainly XML) and a strong standards committee this should not be an insurmountable task.
John
I prefer the .CBN format for data storage.
Non-geeks don't understand it, and it's open sourced!
A: adj. The end-all be-all of human existence, usually emphasized by its combination with an expletive; See The Shit; See The Bomb
"Fuckin' A, brother!! The Jive Page be the shit and then some on the receipt!"
Check out LinQup, it sounds like its exactly what the poster is after.
Don't know the schedule for PDA clients, etc, but its certainly on the right idea with generic profiles, i.e. your IE bookmarks are not just IE bookmarks, but generic bookmarks, that can be pushed into Opera on your Zaurus, or Mozilla on your laptop. Same goes for cookies and your email between different MUAs.
Not sure when its going to make it into the wild, but this truly rocks, and as one poster mentioned earlier, you don't need to trust the server the data is stored on, as its encrypted and only you have the key (on each of your clients).
While your cell phone probably does not have a USB port, most other gadgets do.
Carrying your information with you would seem to mitigate the security concerns of keeping a central network-based repository.
Has anyone tried to put their email, bookmarks, contact info, etc. on a flash drive and use it across the various devices in their lives? My life is, as usual, a little more complicated since I run multiple OSes & apps, but it still seems feasible.
There are two kinds of societies: sustainable and doomed.
Bell Labs. If you smart people can't figure it out what makes you think we can. :)
If we don't fight for ourselves no one will.
.yaw thgir eht si caM
.mac doesn't have a damned thing to do with your profile or bookmarks, what kind of crack are you smoking? Or did you just include that because you wanted your ask slashdot to look cool?
The poster illustrates the problem with examples such as bookmarks and address books ( which is a different problem than what liberty et. al tries to solve I believe) . These kinds of information can already be kept in an LDAP server and most applications can store and retrieve these from those servers. Outlook does it, mozilla does, ximian does it.
LDAP address book support is relatively mature in most email readers. Check out OpenLDAP for more info.
Single sign-on can also be done via LDAP. Or Kerberos/LDAP if you're so inclined. Netscape NTSych product, the Psynch® product, etc. can be used to sych NT or win2k with an external database. Check out projects such as pgina. There's a free general purpose NT password sync dll available from AcctSync. This DLL is nice, you can catch user passwords and pass them to an arbituary script with the username. This could be a perl script that updates LDAP to a vbscript that updates the coresponding Oracle user, it doesn't matter.
Also, it's simple to store public certs in an ldap server, making it easier to deploy PKI on a budget ( you don't want to know how much netscape and novell charges for this per user, trust me :)
In short, a lot of your problems can be solved right now by running a LDAP server and configuring your applications to rely on it for their datastore. Good luck.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
For those of you familiar with the GSM mobile networks, the idea of the SIM card is probably what first pops to mind. For those of you, who aren't: this is a small card that carries your identity, your phonebook and your mailbox. You can insert it to any GSM mobile phone (provider blocks excluded), and it becomes "yours".
Now, imagine the same with a bigger solid-state disc, that carries your entire home directory with your public and private keyrings, your mailbox and the whole thing is encrypted with a password set by you and known to you alone. You can plug it into a computer, into a cellphone, a pda, whatever. It IS you, just like the GSM SIM card.
Anything that you store remotely, is also encrypted either through your password or through your public key (if it has been received from someone else). Thus, the Big Brother worries go away.
Hey, it can even replace your driver's license or passport. I'd trust it.
I don't bother with full profiles, but I use rsync on a daily basis to sync my home jukebox with my libretto along with a few other things (I also keep my ssh private and public keys on the keydisk, never storing the private keys on a hard disk). .config files in a *nix environment are beautiful. Too bad most windoze proggies have no clue about multi-user environments.
>
Are you serious????????? Of course NOT NOT NOT!!!!!!!
Rien n'est plus beau que le creux du 0.
Hotmail and many other free e-mail services make no representations about availability, reserve the right to terminate your account for nearly any reason, and do not encrypt any communication other than login uid/passwd.
I used a hotmail account for web site registration (to reduce spam to my usual email address). Apparently I didn't log into the account for a period of 30 days, which caused hotmail to delete all of the messages, registration information, and order receipts that I had stored on the account.
Bad.
Consider storing data using servers local to your Internet provider (or company). This data could either be placed in LDAP-style servers, or in XML over HTTP. A mechanism could be designed whereby you establish your identity using your e-mail address (e.g. joe@example.com), name servers query ns.example.com for information about this service (using SRV records perhaps).
So when you get a new cell phone, you'd tell it your e-mail address, and maybe given it a password, and it'd go fetch the information about you and store it into the phone, perhaps refresing it at intervals (or for every session).
When 3rd parties query this server for information about you, they do so over a two-way authenticated SSL session. You either arrange in advance, or in response to the request, to allow these bits of data to be accessible to the requestor. Maybe exchange P3P-style policies first.
You could implement this in HTTP by storing different "units" of information in XML under different URI's, and apply different ACL protection over each URI. You could either explicitly whitelist certificates beforehand, or use a combination of certifiate + a password that the 3rd party provider passes through to pull the requested data.
Updates could be handled in a similar fashion. If you trust a 3rd party to update certain information on your behalf, perhaps using your own SSL certificate, you could let that happen too.
Just some thoughts..
Don't you want to keep your phone book, your calendar info, and your address book *private*? It would be useful if I could transfer my things from one medium to another, but that's about it. I don't really want to have people put themselves on my calendar without my permission. Are you really sure you're talking from the perspective of a consumer?
Where's the Open Source solution to this problem?
.GNU ?
Why the hell isin't ther a
Back in Netscape 4.x days I had my netscape profile roaming across three home computers, and several computers at work. It worked great. You could select certain items to roam ... for example, the actual browser preferences file, calendar entries, bookmarks, cookies, etc. I think it might have even let you roam certificates (but maybe not).
... probably in NS 7 though.
... instead just MS-bastardized standards designed to get you to purchase more of their software so that it will work together (hah).
I use Mozilla now and I didn't see the roaming functionality in there on a quick check
You could setup to Roam and store your info in either an LDAP database or on an HTTP server (much easier). You could then use SSL for those of you that are concerned with security to roam. Whenever you exited the browser, if you'd changed something (for example, new bookmark), it would update the central profile location with the new files. Nice feature, there were a couple of point releases where it would get confused and you'd wipe out your bookmarks on one system, but that was not a concern since you ended up with copies of everything on multiple computers.
Note that Netscape's roaming support extended to Unix systems too. It was sweet. Too bad Microsoft's browser monopoly killed it off. We won't see real innovation like that anymore
A lot of you said people wouldn't store their profile info on someone else's network. Most people would though. Most of you store your email on other people's network right now. In this case, I was using my own colocated server and also ran an IMAP server on it to keep my mail in sync.
The biggest problem they had w/roaming was the lack of documentation. You can go back into newsgroup archives and occasionally run across some poor soul trying to figure out what you had to do on the server. Once setup, though, it worked great.
Good to see that we're now going to try and reinvent the wheel. Of course, this wheel will only work with a Microsoft axle, transmission, engine, and body, and it will cost you every time it turns.
why on earth would we want a full profile, ready and waiting to be hacked?
Mostly because it would be a single point of failure as opposed to our current world of multiple points of failure, any of which lets the cat out of the bag.
I probably have my cc number in 200 different databases that are connected to the Internet. Some are well managed, some are not, and if my info gets out, I have no way of being sure which one failed.
The real wonder is why the consumer finance companies haven't come up with anything yet. It seems they suffer the most from internet fraud, compete in large measure on an image of security and reliability, and have the resources and the clout to make an electronic profile, whether on a smart card or a server, a viable possibility.
what it comes down to is if you can make money
boils down to if the retailers will accept it, not the consumers
this will only happen if you cant cheat them because after all they dont want to lose money because the system is insecure
visa cards are after all very insecure but reatilers put up with them because they make them money
the key is retailers and they are not about to sign up to a insecure system just to get ripped off
regards
John Jones
p.s. Visa are in http://www.projectliberty.org and are not in the habit of throwing money away or doing it for the good of mankind
Each device needs to be able to access what you store transparantly to make things easy. What can a Palm read as an address book?
My first suggestion would be set up your own server -- something cheap, because you won't need a lot of horsepower. Then, install OpenLDAP and use that for storing everything. This is what LDAP is for.
LDAP can be also tunneled thru SSL for devices that support it.
I'm in the middle of installing LDAP services for a big telco who is using it to store the roaming profiles of their new 3G wireless service users. Authentication is thru a RADIUS server tied into the LDAP server. (No, open source software is NOT used, but it could be on your part.)
Learning HOW to think is more important than learning WHAT to think.
Mod parent article a troll. That's a nice try to sell Palladium to the Slashdot masses.
I want ubiquitous storage with strong encryption. By ubiquitous storage, I mean that I want the storage accessible by all of my devices; my various computers, PDAs, cell phones, set top boxes, TiVo units and everything else.
I want each of the above devices to be able to read/write a common format so I can share my various profiles phonebooks and calendars and they are all different views into the same large database.
I also want each of these devices to be able to use the same strong encryption algorithm. The encryption is performed at the application level within the device. That is, when a device writes a record, the record is encrypted, then sent to the central repository where it is stored in its encrypted form.
I believe that in this way, I can have ubiquitous access to my data, shares across multiple devices without requiring me to hand over my data to a trusted third party. All I need is a ubiquitous third party. I provide the trust using strong encryption and good keys.
-tpg
This is a bad idea all around, just ask .mac users :P
Do you really want to put yourself in a position to have your data taken hostage. And can they really guarantee privacy or does private just mean that it is protected from hackers, but they and the law enforcement can access it anytime?
I'd much rather see a sync over the internet from my systems to my systems using a pgp key.
Giving the user choice as to where the data is stored adds a layer of complexity to the problem. IMHO, for the most part the user does not need to know where the various pieces of information are stored. The user would only have to be concerned with what type of services they use.
For example, the user should not have to be worry about where their addressbook is. It should be stored on some nameless "addressbook server" and made availlable to all of their email addresses.
"Note: I will be the one deciding who stores what. Think of it as like moving to a new place. You can choose your electricity, gas, phone, cable and Internet providers.""
kinda, the thing thats wrong with this is that an apartment is stationary. You do not get charged on *your* power bill when you go watch tv at your parents house. Or pay on your internet bill when you use some other machine to check email.
I have been using my.yahoo for a while now, and am really impressed. It can synch my palm, palm desktop, and yahoo, and some mobile phones. This means if enter an appointment in my Palm, then synch, Yahoo will send me a reminder email. It is great to know that what ever happens to my palm or desktop PC, all address, dates, memo and to-do list are all backed up and accessible on Yahoo. I can even get a CSV file of my address book etc.
Will
per mere, per terras
A friend of mine has come up with a pretty cool paradigm for centralizing personal information and then defining relationships with other folks that get access to the information. Basically, you have your big pile of personal information and you define specific data profiles (data filters) that you associated with each entity that wants your data. Only that filtered data is provided to the requesting entity. Its a very cool way to give the user total control (though it can be somewhat labor intensive for the user). Right now he has it powering a website for managing personal information and communities of contacts, but it could definitely be expanded to provide information to all kinds of service providers. Unfortunately, it seems to require a centralized service with a critical mass of people using it to be useful. Thus far, he hasn't been able to come up with a business model to support its growth and adoption. The grim reality is that it is going to be someone like Microsoft who will probably control this sort of thing if it ever comes together, not the user at all.
His site is azazoo.com.
What if I can't connect to somewhere to get my data, for whatever reason?
Here's an idea. compact flash is ridiculously cheap nowadays. Some sort of portable interface using it would be 'teh rox'. Slip a card in the reader and blam, instant profile, complete with bookmarks and everything.
I'd be happy if I could just get profiles to work in Win98. Put your IE stuff on a network, those nitwits and thieves at MS specifically disallow it, unless it hooks to Exchange. Screw that.
NS requires LDAP or an http for a roaming profile. Why not a shared drive H:? Another stupid design decicion. Mozilla fixes it? Nooooooooooooooooo.
Absolutely nobody is thinking of this, dweeb.
http://www.myhq.com is my choice for storing bookmarks..it's free, no ads and quite tweakable!
Wasn't this proposed several years ago, that everybody carry around a Smartcard with your security information and desktop environment? Unforunately, smartcard readers don't seem to have become ubiquitous in all computing devices. Still think it's a good idea, though. Functionally equivalent to the tiny USB disk drives, but smaller/cheaper/less memory.
"Freedom means freedom for everybody" -- Dick Cheney
Would you have your house, your car, your office, and your secret cash box all use the same key? It's all very convenient until someone else finds the key....
Got Rhinos?
I wouldn't trust anyone with all that information, but it's not like you have a choice, you don't own information about you anyway; it belongs to whoever collects it. Giving that information to any group is moronic, because they're going to sell it to anyone who asks. Need a list with the names, phone numbers, and addresses of everyone that has a link to Slashdot in their favourites folder? Going rate might be $0.05 cents a name. Rather not have your information sold? That's an extra $5 per month, on top of whatever the subscription costs are. Don't be fooled. Any company that gets into this is after money.
This is all on top of security.Passport has already been fucked, and it's not all that old. It certainly didn't hold up under any scrutiny at all. Of course, any company is likely to be better about security than Microsoft, who won't tell you about their security problems and doesn't engineer their products for security anyway. You might be safe trusting all your data to some company, but why take the chance?
At the very least, wait a little while. There are going to be farts in whatever systems are created for such things, but you don't really want it to be your data running around the net that lets everyone know Company X dropped the security ball, do you?
I made one web page that looked nice with a set of nicely organized links that my wife and I use most often. It's got all the important links to place I visit on a weekly/daily basis, for shopping, banks, etc... Then wherever I go, I just make that my homepage and instantly I'm in a familiar environment that will take me wherever I need to go.
I still use bookmarks for something I find interesting, or something I only rarely visit. And if I need to remember what that is when I'm away, I can just telnet to my box at home, find the file mozilla uses to store my bookmarks and get it that way. Between those two methods, I've never needed a bookmark I couldn't get.
Looking for a computer support specialist for your small business? Check out
The obvious answer to this, is to load a unix on everything, and share your home directory via NFS to all of these things, or perhaps a secure version.
Honestly, think of it. A minimalistic NFS with a bit more bandwidth and you have it.
Amen!
Start a standards group and sign me up -- seriously. This is one of the more irritating lingering problems of the internet age, and yet it's utterly conquerable.
Say I contract with 'Personal-Data-Inc' somewhere on the 'net (one of several providers). For x$/Meg, I get to store all kinds of encrypted nonsense about myself. But probably most importantly, I store some amount of 'profile-data' -- calendar/scheduling info, contact info, messaging/mail.
Now 'PD-Inc' implements a set of XML standards and standard key-sharing schemes to allow myself and certain others access to this data. I set permissions so that members of my 'family group' have access to a diffent part of my calendar than folks in my 'job group.' And perhaps there's purely public info in there as well.
Because it's standards based, many vendors can write clients, like a Eudora or an MS-Outlook, to access this stuff. Because it's based on a permissions matrix, read/write/update occurs in controlled manner.
From the perspective of someone implementing PIPs for RosettaNet (insanely large taxonomy, lots of methods), this is relatively uncomplicated.
The answer isn't to store your personal information somewhere new, but store it where you store it already - in your wallet. With flash cards and plug-in flash readers and the increased proliferation of USB buses, one would think it wouldn't be too big of a deal to sit down at your computer or open up your PDA, slide in your flash or whatever card, and have your preferences loaded, or when you leave, saved. If you're willing to have all the information you already do in your wallet, there's certainly no reason not to put the same information on a password-protected, access-location-limitted smart card in your wallet. You could even go so far as to have your card double as your car key.
paintball
Seriously, this is (IMHO) the perfect opportunity for another nice and easy application of strong cryptography. The idea is you want to store your own bookmarks, address book, and all sorts of personal information. And you want to be able to access it anywhere, right? So why not just store it somewhere reasonably decentralized (maybe a few redundant server farms) as a block of data encrypted with a symmetric algorithm? It wouldn't be more than maybe a couple of megs at the absolute MOST (that's a TON of addresses). I'd pay a few bucks a month for that service. In a sense, I already do, as I store a copy of my bookmarks, address books, and more on my Apple .mac iDisk in an encrypted disk image.
You're the only one who ever needs your own personal information, right? So this way you don't have to trust anyone with it. Your Mozilla will pull the block from the server, decrypt it with your pass phrase, and load it into the application. You'll could keep it locally cached if you like.
It doesn't require any new technology. The data could be served up by web servers. The back-end databases would use the usual replication and high-availability stuff.
If you could build it so Mozilla, Evolution, KMail, and all sorts of other applications can load the block or blocks (just an HTTP GET), decrypt (via the OpenSSL libraries), and parse (XML), you're done. When you make a change, you push the new versions back to the server.
The weak link, as usual, is the strength of the passwords.
In any field, find the strangest thing and then explore it. -John Archibald Wheeler
I don't see how it would be so hard to create very general standards for a roaming profile to search a possibly mounted filesystem (USB Key?) for said information before going to defaults on the system (Bookmarks, address books, etc.). The key could be encrypted using open standards (Loopback encrypted filesystem). It could be mounted under a specific directory in the users' home (So you could use ~/keyring as a mountpoint for example) under *nix, so it would be easy for programs to search, and it would be secure (chrooted environments would still work). For PDA's/Cellphones, I dunno, make a USB port/chipset for them. =). Hey, you could even use Sun's newly donated elliptic curve technology for the smaller devices! And of course, just create standard databases (bookmarks, addressbooks, etc.) with XML.
You could even store your pr0n on the keyring too and not get caught by your gf. =)
It is pitch black. You are likely to be eaten by a grue.
I've thought of this a few years back. One problem is that devising a common language / protocol that will support every known (and unknown) device that a manufacturers would produce is impractical. Having the manufacturers buy into such a standard is the other problem.
As for the privacy issue, why not store this information on a smartcard and make some universal reader (i.e. a portable smart card reader that you can scan your profile into that has an IR port, bluetooth, serial, and USB interfaces).
Ah, it would never work... and anyway, what a waste of time and energy. Do we really purchase so many devices that we can't afford the time to manually configure them!
come on fhqwhgads
It's not a profile per se but by using Mobile Information Server 2002 you can get a lot of functionality. Basically this product allows you to connect to your Exchange server and synchronize Calendar, Contacts and Email from anywhere using your cell phone or pda.
http://www.microsoft.com/miserver/evaluation/overv iew/default.asp
It works really well.
www.linqup.com
"LinQup is a system which allows you to export your application configurations into a Dynamic Generic Roaming Profile (DGRP). You can then use your DGRP at different locations to configure applications on PCs you have never used before."
What are those two new links for porn?
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
I can only trust my home computer. I just have to connect to my home computer and i get all the information that i need.
By then, intellectual property laws will be a relic of the past like prohibition and slavery.
To an extent, Jabber already supports "roaming profiles" with your IM, through the use of a server-side contact list, and even any transports you might be using (AIM, ICQ, etc), along with their login info. This is more of a single-signon type thing, but it is along the same lines as a roaming profile.
But this could be taken much farther. The current protocol already offers arbitrary data storage on the server, and it could be beefed up if necessary (that's the wonderful part about an extensible protocol).
So then in your web browser (or in some global location on your OS), you could enter:
myusername@my-own-domain-nyah.com
and a password, and the browser could retrieve the necessary bookmarks and other data. And all of your data is safe at your-own-domain-nyah.com, instead of Microsoft HQ.
That pretty much covers all the bases. Time to hack this out.
-Justin
The PDA and the modern cell phones are designed to "sync" your data with your computer.
If we'd lived in an open standards world there'd be half a dozen plug ins for sending the data to and from your cell phone and/or PDA every time you sync up.
If managers didn't get paranoid becouse of a tech story on CNN (If your not able to check up on the story report every rummor... this is for tech and medical news alike.. swap storys with your doctor with the PS that passes for news)
Just sync your PDA and cell phone with your computer and you'll have nothing more than multi-redundent copys of the same data with no need to worry.
I like this anyway. I keep all my important files on my PDA and computer even if my PDA can't use em just to have a redundent copy.
(and then back up)
Muahahaha...
I don't actually exist.
One way to analyze this problem is to note the interdependencies of privacy, money, accountabiliy, etc. I've outlined this analysis at, called the Privacy Feedback Loop:
s Computing/IntrinsicSecurity/Privacy/index.html
s earch/T alisman/index.html
http://www.quinthar.com/UbiquityProject/Ubiquitou
Privacy Feedback Loop
The balance between privacy, corporate, and government interests has always been precarious. This precarious balance has created an environment of fear - much of which is very justified, and some of which is not. The only antidote to this fear, both justified and unjustified, is a decentralized system that seeks to maximize information exposure, accuracy, and privacy protection at a self-regulating, technical level. Ubiquity must implement such a system. While Ubiquity can by no means strike the perfect balance by itself, it can provide the actors involved with the tools to do so in a secure, sustainable fashion.
Actors
There are three primary participants in the privacy feedback loop: users, services, and realms.
>
Users (Consumers): Obviously, this system focuses on the safe collection and use of consumer personal data. Thus, a major player in the system is the user herself.
>
Services (Businesses, Government): The entities actually collecting and using the user data provide services to those users being served. These entities are typically businesses offering information and products to users online or in person. However, this system would be entirely appropriate for managing new police surveillance technologies in a safe manner.
>
Realms (Trade Groups, Regulators): The final component, providing critical oversight in a decentralized fashion, are the realms. Reach realm defines and enforces standards and privacy/usage policies through a system of active certification. Active certification is what gives realms the technological "teeth" to effectively enforce policy.
Feedback Loop
Figure 1: Privacy Feedback Loop
The privacy feedback loop is illustrated in Figure 1, and consists of the following interdependent components:
>
User Privacy: Users' concepts of privacy are just measures of confidence that data is being used correctly. "Correct" use is in the eye of the beholder, but in general is guaranteed through (1) allowing the user to view and edit all personal data collected, (2) putting the user in control of who can and cannot access the data, and (3) providing extensive auditing information to demonstrate correct use. These confidence-building measures are the result of increasing accountability of the industry as a whole, and allow for greater amounts of higher quality personal data to be collected.
>
Personal Data: As user privacy increases, the amount and value of the data collected increases. Through the user's ability to review and correct all data collected, as well as automatic corrections when existing accounts become linked together, the data itself is of a higher quality and therefore more valuable. Likewise, as users become confident that the data is correctly used, the more open they are to supplying deeper levels of personal data. As the amount and value of personal data collected increases, the revenues of the services using this data do as well.
>
Service Revenue: Services use personal data in a variety of ways to reduce cost and generate revenue. Personalization features create "stickier" services, as well as drive additional product sales. Convenience features streamline the use of services, thereby reducing the time-to-purchase and "mental cost" of using the service. Immediate access to timely usage data allows fast marketing feedback to ensure, among many things, correct product positioning. All of these features rely upon and benefit from large amounts of accurate, detailed personal data. The value of these features and their effect upon the services' bottom lines cause other services to join in the system in a viral manner, increasing the membership in the system as a whole.
>
Membership: As increasing numbers of services take advantage of this ocean of personal information, the total membership of the system increases. Every new member service brings new users to the system, magnifying all of the system's elements. One major beneficiary of this magnification is the realm, which increases in realm authority.
>
Realm Authority: Realms serve as the representatives for each industry. Members look to realms to set the agenda for new standards features, and equitably resolve member conflicts. Users look to realms to define and enforce acceptable usage policies, as well as create a strong brand that users can look for and trust as they use the member services. Courts look to realms to uphold contractual obligations toward both members and users and regulate their industries in a fair manner. Realms are leaders, whose strength and power are directly determined by the number and devotion of their followers. These powers are used to force an acceptable level of accountability upon each realm's respective industry.
>
Accountability: The final link in this chain is accountability. Services that choose a particular realm's data and standards are contractually obligated and technically required to adhere to the usage policies set by that realm. These policies generally define the acceptable level of usage, such as maintaining independent copies of data, selling data outside of the realm, linking data in certain ways, and so forth. Additionally, these policies require that the realm record usage of the data in such a fashion that the user can learn how the data is used, meet certain exposure requirements on the data collected from users, etc. Through increasing levels of accountability, users can gain a greater sense of privacy, thereby completing the cycle.
More thoughts on implementation details here:
http://www.quinthar.com/UbiquityProject/Re
As mobile phone functionality increases even outside Asia, I am sure that this could well develop into the so long sought after "killer-app" for bluetooth. Forget about the mp3 player in your shoe, the mini-tv in your jacket button. Bluetooth in a cell phone, sort of like a portable LDAP server, is the way to go. Another step closer to centralizing all your data in one convenient location.
Sounded good. I tried a demo of iPlanet a year or so ago, I couldn't get it working; *way* to complicated and fragmented. And I haven't heard much of Sun employees using it.
I have dreamed of a portable virtual desktop for years. Unfortunately, it doesn't exist yet; but for each specific application, there are some solutions (and some general solutinos). The best I have come up with is the following arrangement:
A little rough around the edges, but 90% of what I do (and probably 98% of what typical users do) revolves around email, the web, and a couple of specific applications, it goes a long way towards the ultimate solution, which hopefully will be available some day.
The true solution to this is a unversal open *protocol* for applications. IMAP lets universal email be *very* portable. There is no equivalent for calendaring. This is no equivalent for TODO lists. There is no equivalent for most other important applications. If there were, then mutliple vendors could implement it on different platforms, giving true portability.
Until this happens, there will be fragmented proprietary solutions, which by definition, will not be the universal solution. Sigh.
Love many, trust a few, do harm to none.
Um, this isn't exactly right. P3P is for companies to say "You can trust me, I have it written down where you can see that I am trustworthy." You make it up!
You are trusting a website that has P3P to tell thr truth about what they do with your data. They can do what ever they want with it... till they get caught. It is a tool for industry self regulation. It can be abused easily enough.
B.S., and I can't believe this was modded to 5.
You give someone physical access to your shit and it's not secure. Period.
Geoportal
Geobility
Sigh...
I've seen 'roving information' like with token-based network access for people who sometimes telecommute (or have to due to the nature of their work - like military officers who may have more than one physical location they are assigned to); and PDF (yes, PDF)-based information management via webservers that allow people to access certain things from home or in the field so that they always have a common reference point. I can't completely fit in the "work" vis-a-vis "home" bookmarks since at this time I have been working from home; and when I worked away from home I didn't use the same bookmarks in either place - but if I could easily maintain some 'work location' data and take it with me to home or field locations without having to haul along several pieces of electronics I'm all for it. I would propose one of two ways to synergize these things: your PDA or you cell phone maintains the central repository of 'profile' and allows certain elements - perhaps done up with XML - to be accessed depending on what subset of your profile you determine when you access a computer terminal, network appliance, ATM(!), etc. Or, like the Sony memory stick or a smartcard; you carry it with you and it is passed on to all devices. This sort of thing will not be produced for the masses until a few things occur: we as a society can manage the privacy implications (I read comics and chat on non-tech bulletin boards when I'm not working; and should be unable to access those from work but if a worker saw this profile data I would not be happy); we reach a 'trust threshold' with regards to said privacy, encryption and self-assurance of each profile subset; and manfucturers are willing to take the chance that the public will go for it. We (or at least those of us /. readers that are) technologically savvy people could probably hack something together that would work for us (as individuals and for some of our contemporaries), but would Joe User utilize it? I can remember the learning curve getting people to use VPN tokens - essentially where the password changed every 17 seconds but used your chosen password as a root of the whole every time.
I think with the interesting people, their lives can't possibly be wrapped up into a nice little package.
Why not keep important info that's on the server encrypted with your private key. Then, when some info needed, an application on one of your devices (or in the future a smart card, or similar device) could decrypt the data for use. You are still trusting the server but not as much.
Why don't we pay say $50 to FSF for them to host my data forever? For that money they would store my bookmarks, my address list, etc etc etc, and I would get it from their servers once or twice a day.
That way we could sponsor them, which is good, and I also think we could all trust them.
Mats
P3P is notable in that it allows computing an unforgeable proof that the company did in fact give you agreement X about what they were going to do to your data.
P3P can't force people not to break their agreements, true. But it means that companies that do break them that use P3P will easily be sued in court. And for reputable companies (who waver at the thought of expensive litigation), this is more than enough.
May we never see th
Keep it simple, keep it text (XML) and that's that. The problem is that every company wants to be the only company who works with their own stuff. Look at the hoars at Sony that butcher FireWire and their MemoryShaft^H^H^H^H^HStick. Look at MS and their protocals (MS-TCPIP, MSXML, MSHTML, MSJava!).
The answer is simple. Text. XML. The problem is the corporate hoars behind the product.
What about easier solutions, like keeping your profile on your web server at home? Then download $HOME by SSH, or sync it at home. No need to trust propietary vendors, if something goes wrong you're the only one to blame, and you can add all the features you want
Hell I'm just waiting for someone to (re)invent a centralized bookmarks/cookies database for web browsing. I use Konq, Mozilla, and Lynx across two Linux machines, and Chimera, OmniWeb, and Lynx on a Mac OS X machine. I want them to share cookies, bookmarks, and wherever possible, auto form fill-ins, cookie blocking preferences, etc. Right now, I have one be the "master" browser (konq) and a bunch of homemade scripts duplicate the data on demand. How awful! What if I'm on Chimera and I want to add a bookmark?
I remember Netscape's roaming profiles but who knows where that is now. And I hear a future version of Mac OS X is going to use LDAP heavily throughout (dropping NetInfo), but that's uncertain. I think OmniWeb on OS X lets you use an arbitrary URL for your bookmarks file (but I haven't tried it, and it's probably read-only).
Maybe now that the browser wars seem to be starting up again, someone will think this through. I definitely DON'T want it on somebody else's machine, I just want to click a "share with other browsers" button somewhere on my own machine(s), and I want it to work across architectures and browsers.
To embrace all of these functions one needs at the minimum an all purpose file server. The manifesto for such a service would be something like this:
- accessible from anywhere
- using any device
- by only the user (+ the sysadmins perhaps)
- access secured with strong encryption
- reliable service (backup systems available)
- data available using standard protocols
- all information readable and writeable and searchable
- information indexed in a way that makes sense to the user
Much of the information stored might be considered 'work-related' but there's also plenty here that should be considered 'personal'. Would one require several roles or personalities - one for work, one for home, indeed one complete set of data for each hat that you wear? It seems that whilst that would provide a certain level of useful separation, for example by allowing you to keep work contacts separate from personal contacts, it would also lead to troublesome fragmentation. You probably want to know for example when your home and work calendars conflict.There are a couple of ways to solve that problem. One would be to have a single repository for all your information, with some type of tagging to say which info belongs to which role. This has the advantage that all your information is accessible from one place. The other approach would be to have multiple information stores, but to allow the client device (PC, phone, PDA whatever) to access several different data stores and combine the information retrieved from each. Whilst this approach invloves a greater level of client complexity, and reduced reliability due to dependence on multiple services it has the advantage of allowing diversity in the server strategies of different organizations providing service to one individual.
The question of who would be trusted to run such a system is one not of technology but of policy. It seems likely that no institution with an interest in the contents of my personal information should be trusted with it. Clearly this includes my employer, the government, or a private corporation constrained by profit interests. What is needed is an impartial institution. This suggests a potential solution - a legal structure similar to the 'common-carrier' status of telephone companies. Phone companies don't care what you talk about on the phone. They're legally required not to care. What is needed is a 'common-storage' status. That status could be given to private companies who are regulated as digital storage providers. Those companies would be legally constrained not to misue the stored information, for example not to reveal it to third parties, or to use the information in ways not explicitly granted by the end users.
Here my usage scenarios:
1. From another PC I can VNC (or equiv) so I don't have to worry about application versions, leaving temp files, etc.
2. From a crippled web terminal (i.e. I can't install a java app/activex control to use VNC), my bookmarks are a secure web page (they're already exportable in IE and Netscape to an HTML file). If you run Windows you get IIS for free. Otherwise, you run Apache. Both are pretty simple for serving up simple pages.
3. From my PDA my contacts are already sync'ed so I usually don't need to 'phone home.' But if I want to use my Ipaq with it's default software, I can activesync over the 'net to get my mail, calendar, avantgo, etc. Here I'd just pay for 802.11 access from a starbux or look for a community network.
4. For my cell phone, I live in tokyo so my phone actually syncs with my PC and can read simple web pages so I'm good to go :)
5. For documents, FTP them or email them to yourself.
6. For other email, just use the POP3 features of Hotmail or yahoo mail to your ISP. If you want to host your own mail, that's a separate bag of worms but I'd recommend just encrypting it if you're so worried.
The remaining challenge is securing your PC so that you're always using some form of authentication.
Do you use a Mac, perchance?
Not that you [cw]ould (necessarily) use Jabber as a means of storing and propagating a profile, but it might be a more appropriate model than Napster (anyone can host a Jabber server in front of, or behind a firewall, and the server is a single point designated by the Jabber address, much like an e-mail address).
Just thinking out loud here, but what might be nice is if everyone said, "Okay, we'll all use the Mozilla bookmarks format and the vCalendar and vCard standards, and we'll devise an (XML?) indexing format (telling a client where to find all the various files with the respective information) and make them accessable via WebDAV." Now all you have to do is convince every major client out there to use WebDAV, the new indexing format, vCalendar, vCard and the Mozilla bookmarks format.
Wait a minute...that sounds like it may be a job for an LDAP directory (which one can always host oneself if one doesn't like the availabe service providers). Most mailers already have some ability to interact with an LDAP server. Are there any standards for putting address/calendar/bookmark info in there? I know that's probably not what it was designed to do, but really, does that information change that often to be ill-suited for LDAP?
Sorry...just ranting about ideas here.... My point is that I know there's enough standards and protocols out there to meet this need without too much development. I'm sure there's just too much differing ideas about how to do it, so it hasn't been done yet.
moto411.com
Like you can trust your machine at work! Where I work we click through the most outrageous agreements before we log in to the NT network. Essentialy all our data is our boss's, no personal use, that kind of thing.
Surely Microsoft could give it a stab, and then extend it beyond usefulness.
Most things Microsoft does are beyond usefulness and into rapicious. Have you read your EULA? Neither has my boss, or he would have realized that M$ owns all the data he thinks he owns.
All my information is available through ssh and ftp. Sensitive stuff gets no where near a computer at work, regardless of protocal.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
...but iSync offers the convergence, allowing syncing of contacts and calendar information between a Sony Erickson phone, Palm, and iPod (which can hold contacts) in conjunction with Mac OS X Jaguar's iCal and Address Book.
(dot)Mac is merely an Internet-based services package. It's useful, but not wholly collaborative.
I'm sure that Windows developers can generate something for themselves, but I bet the Linux/OSS group can figure out a similar tool faster since Mac OS X is just a BSD variant.
I don't think I like the idea of storing my personal data on networks that Apple or Microsoft create, but iSync wouldn't be a problem with me since the data remains local to my devices.
Vos teneo officium eram periculosus ut vos recipero is.
iSync is from Apple so it will work pretty much right away and will be out soon... .net is still a deal off in the disance and will require version 4 till they get it working right..of course thats if they don't change (again) what .net is..
Kyderdog Dan
Every browser with a mail reader understands IMAP. With a decent IMAP server you can create a folder called SETTINGS, with subfolders containing the data you like, like all your spam FILTERS, web BOOKMARKS, etc. Then a smart browser would detect the special folders and import them as necessary. The important thing is that the IMAP server is already a trusted source, since you keep your mail there. To be honest, I don't understand why people haven't tried this sooner..
So long, and thanks for all the Phish
It's amazing how many people here are suggesting technologies that don't actually meet the article poster's requirements, or require very substantial glue to convert between fragmented protocols and data formats. The whole point here is that there should be a standard protocol and data format for these kinds of informations; "whatever Mozilla does" is no more of a standard than "whatever Microsoft does" is. What should that standard look like? What should the security model be? Those are reasonable questions, and suggestions like "just use LDAP" without considering the work that it would take to put bookmarks into LDAP aren't real answers.
I guess that's what happens when you ask people who never tried to write anything to a set of formal requirements in their lives.
Easily implemented solution: don't share your information, but access your own PC from anywhere and use it as you would elsewhere. This is easily available now for PC's, and could be extended to PDA's, phones, etc. with a little more work. Start with a web-centric remote administration product like GoToMyPC or Radmin.
GoToMyPC is terrific; it uses a central server to connect you from a browser through firewalls to your PC regardless of its current IP address. The software currently cross-platform only on the client end; the server is still Windows-only, but that could change. The go-between server software can be licensed, so it's not even necessary to have a third party broker the connection to the home PC.
We can reduce ideas to bits and people to genes, but "can" does not imply "should".
Netscape used to have something on their website, where you could store your bookmarks and address book, and then import them into any Netscape running on any other computer. It was totally cross-platform and everything. I used it to sync my address books between my Linux and Windows machines- way easier and more reliable than exporting/importing database files. Microsoft also had this for Outlook users.
All this is good, but what would be most useful is a cross-platorrm, cross-browser, cross-everything standard for bookmarks and address books.
I carry all my logins etc. in my PalmOS device, encrypted in a Blowfish-protected database, and synched to my personal computer when I'm back in the office. I have to enter one decent password to get at my data, and if I lose the PDA I suppose someone could crack it if they *_really_* wanted to, but at least I know the data are NOT on a Microsoft/Sun/Liberty Alliance box where some disaffected BOFH can get to it.
YMMV.
"A gun is a tool, Marian. No better, no worse than any other tool. An axe, a shovel, or anything." Shane (1953)
Sound waves should be free!
Sounds pretty much like what the Bill Gates type character wanted to do in AntiTrust... and look how that turned out ;)
It's better to burn out than to fade away
Let me put it this way... It is more likely that an asteroid will crash into this planet, centuries before such an idea would be standardized.
Nice theoretic idea, impossible in reality (you forgot the human variable).
Keep in mind that this is a world that cannot even agree on a single date/time format.
I have struggled with this same problem in the past. Especially when I had a desktop computer at work. All my data was split between several places, and multiple computers at each place.
Getting a laptop helped with having my files available wherever I am. But, I still use multiple systems, so keeping all my data on my laptop wasn't good enough. The best solution for me was to keep everything in a network accessible location.
For some, a My Yahoo! account might be good enough. Online e-mail, address book, notes, pictures, bookmarks, all www accessible. But, only somewhat configurable, advertising based, and limited to what they implement.
I have instead centralized my data on my Linux server, which is remotely accessible via my DSL connection.
Some simple PHP scripts, and a MySQL back end make a great searchable bookmark storage. A WWW frontend to a calendaring system also stored in MySQL. WWW/PHP accessible e-mail accounts (with Spam Assassin filtering out the garbage, and the ability to create many e-mail addresses - one for each service I sign up for, so I can determine who gives my address to spammers), To-Do list in PHP/MySQL. Files could be centrally accessible via Samba or HTTP.
Add a firewall to control access, and VPN if you're really ambitious,and it works like a charm.
The only time I don't have my data is when I have no net access (which is becoming increasingly rare). For those occasions, I need to improve my data synch-ing processes for my Zaurus.
Implementing a safe vault for my data is easy.
As you say, you just encrypt the data.
But the idea is that some pieces of the data need to be shared. For instance, I want my profile to store my SMS anti-spam policy.
I want my profile to store my "how-to-reach-on-my-cell" policies. And for this kind of info, I want to make sure that some applications (mainly the app server of my wireless operator) can access this data.
It is interesting to see that most of the postings are only concerned by how a user can retrieve his/her own profile information.
I am talking about a situation a user is willing to share some information with applications in order to get a better service.
I am sorry, but the HOTMAIL will not do.
I would like a roaming profile but stored on my own server. At minimum, from any machine on the internet I should be able to launch Opera which will then download my preferences and bookmarks from the server of my choice.
Yes you can already do this with ftp and some moving files about manually but It should be built in to the software.
Press a button, enter a host name and password, get your preferences....
The other very important problem of LDAP is that it's for hierarchies/ However, the real world information in the best case of scenaria is DAG.
Besides, LDAP is way too slow and its query language is way too primitive.
I believe that another database paradigm should be used to roam user's personal information. And I am more convienced that RDF is a solution when non-tree info doesn't go to "raw" XML, neither to LDAP.
I agree that Jabber is a good idea to start. What's good in Jabber? SOAP. That's it. Well, today XML is a key. As I mentioned, PIM requires not a "raw" XML - but rather its RDF dialect. Perhaps some RDF database with RDF-oriented query language and web/SOAP interfaces will serve well if user profile info is defined well in RDF ontologies.
Here are some links I found about RDF:
Less is more !
I am talking about two things (you seem to be the only to have noticed. Bravo):
- accessing my own data
- making my own data accessible to other
In terms of technology versus standards, GUPster is the bastard child (yet to be born) of GUP and Napster. And GUP (Generic User Profile) is an on-going 3GPP standard.
I think the problem (actually the two problems) need to be tackled from both ends: standards and technology.
OK, Mr. Telecom: I've already my calendar info & my contact database online - in Yahoo. Now - get this to my phone! How hard could this be? Let's see:
Does the phone have a contact database? Check.
Does the phone have a calendar function? Check.
Is the phone wireless? Check.
So, how come I can't see my calendar on my phone? mMode comes the closest, but you have to use the AT&T web site to interact with your information, and it only works with a few phones. Nobody does it right.
Get that right and then let's talk about other data, and where that goes.
Btw, cables, wi-fi and bluetooth don't count - I want up-to-date calendar info when I'm on the road, not when I'm 10 feet from my computer.
If you look at our website you'll find a web-based Contact Manager software accessable from (virtually) all the devices you mentioned above.
/Shameless Plug
It's tested with Konqueror, IE, and Mozilla, and is known to work with a number of Palm-based devices, including the Handspring Treo cellular phone.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
LDAP is great, I agree:
- flexible data model
- hierarchical and distributed architecture
- free implementation
- lots of schemas
- decent access control
Here are the limitations:
- data model is flat
When you take an LDAP object class, the structure is flat: no possible nesting.
- the transport mechanism is not ASCII (as opposed to XML)
- the LDAP query language is way too limited
- the way user profiles have been implemented so far is wrong.
Netscape user profiles uses LDAP but each component (address book, bookmarks, cookies, etc.) is stored as a blob. This means that the only that you can do is to retrieve the entire address book, or the entire bookmarks. The granularity is wrong. Moreover, this opaqueness makes the various components live in different spaces. There is no way to write a query which will combine address book info with calendar data.
With XML, everyone lives in the same space and you can write queries that return (for instance) the name and phone numbers of all the people I have a meeting with next Tuesday.
That, rather than the Soviet-style centralized identity management that Microsoft and Sun envision, is likely to be how identity information gets passed around: from a variety of source on a variety of devices.
The easiest way to do this is to run a website on your how server. Slap on SSL and you're pretty much good to go. I have:
Centralized Webmail
Centralized Calendaring that I can share with my wife and theater company
Steaming Music that is granted by music profile, so I only share my music with people whom I would normally loan CDs to.
Centralized bookmarks with a convienant javascript link in my toolbar to add sites at home and at work.
The question is why did I have to develop this myself. I think this is the future. Why not take the idea of one of those router/webserver/firewalls a step further and make an all in one information box. You plug it into the network. You patch it. Why doesn't this exist?
I heard it got dropped
No, I did not read the f***ing article!
Database people do this sort of thing all the time, by making the data superior to the application and forcing apps to work through a very rigid interface. The way to do this is probably to store the preferences in a relational database. Those things are well understood, scale up, and can be replicated. Apps would get to the database via SQL, as usual. It's not the latest buzzword-compliant technology, but it's well-understood.
This is a pet peeve of mine. Although I'm currently content to have universal computer roaming profiles and feel no immediate need for better cellphone/pda connections.
.net and .mac, netscape/AOL are dropping support for erstwhile 'home brew' solutions to this problem. What the hell are they thinking? True When the feature was introduced it probably was only used in corporate settings, but now that many homes have more than one computer in them it makes sense to have a feature like this for home users. IMHO netscape is dropping the ball on this by removing this feature.
That said, my solution to the computer side is to use Netscape 4.75's roaming access feature. I have it set up in my house now and all my computers use it. It is damn handy for bookmarks and address books on my home computer network. It's so handy that I'm reluctant to upgrade past 4.75 because I've heard that roaming access HAS BEEN REMOVED from all the later releases of Netscape!
This is a disturbing trend. While MS and Apple and all are talking
In college I used to keep a Zip disk with me that had a mail client that left the mail on the POP server (Eudora) - you could also use IMAP for that. It also had a browser and a regularly updated set of bookmarks.
As others have pointed out, USB pocket drives are also a solution.
If nothing else, a 1.4 meg floppy is pretty universally accepted and can easily store more bookmarks than any normal person has.
These solutions are a little more difficult to work with than simply logging onto a server, but do allow for more security. Netscape, at least, allows you to find a profile on start-up.
The only question is if all version of Netscape will read different profiles (will the Mac version read one written in Windows)
- (c) 2018 Hank Zimmerman
Most comments only address one aspect of the problem: how an end-user can access and manage his/her data in a ubiquitous way.
/. are even considering this option. Is it selfishness, paranoia, or am I missing something?
The obvious solutions are:
- carry it with you (USB, etc.)
- store it on a server (ISP, home desktop)
Access control is simple: you can access your data, nobody else can. The data is encrypted and you have the key.
The more interesting aspect (I guess my initial post was not clear enough) is that I want to share this data. Apparently very few people on
I want some applications to be able to access this data to perform some useful services (e.g. by combining presence and calendar information, people could reach me more efficiently).
The challenge is how to provide a controlled and integrated access to my profile information.
I'm surprised that /. isn't all over this...
Check out http://www.xns.org
"XNS is an open, XML-based protocol for identifying and linking any resource participating in any kind of digital transaction. You'll find the complete technical specifications on this site.
XNS provides a flexible, interoperable method for establishing and maintaining persistent digital identities and relationships between these identities. The protocol provides services for registering and resolving identity addresses, defining and managing XML identity documents, conducting and protecting identity transactions, and linking and synchronizing identity attributes."
Basically, store what you want, where you want, in an open format. As a public trust organization, they don't store your identity, they only proxy it. Store it with MS, with Apple, with your work, at home.
With the beautiful folk at OSDN, you have sourceForge and Freshmeat. Someone will create a open-sourced solution to all of this. You download it, install it on your server, and voila. You have your profiles stored on your own server which you control.
.net for this stuff? Build a standard, use it, build open-source software for it, and allow people to run their own if they are security conscious. But I don't want to give my info to Liberty, .Net or .Mac frankly, I'd rather set up a server for me, my friends and family. If every geek did this for their small subset of friends and family, everyone would be taken care of!
So you are not a geek? Text-based stuff shouldn't be too network heavy; I would forsee a few donation-supported sites, or even ISPs who will host your info for you. It's all easily downloaded to your local machine in XML format, so you can change providers easily and quickly.
Why do we have to use
TossableDigits.com: Temporary Phone Numb
It's not so much two technologies as much as it's two methodologies.
I see two obvious paths. The first being the distributed GUPster/DNS method, where a central store has meta data and a pointer to the location of value data. You could store your profile anywhere, including your home workstation. You could easily break down your profile to only allow relevant access, so that an e-commerce app only has access to purchase info, and your cell phone only has access to contact info. The ideal mechanism would require your PERMISSION for a request to be fulfilled. This is how I wish your credit report worked. Anyone can access your credit report with just a bare request. But if they had to have your PERMISSION, then you'd get a lot less junk mail offering those credit cards.
Obviously you could store info for application specific values in this mechanism as well. So it's not just preferences, but nitty gritty app data. I think it's more important to have a mechanism that's adoptable first. Standards for data containers will get developed as apps utilize this functionality. It seems obvious that XML would be the method of choice for storing this.
The downside of this is that wherever your info is located has got to be accessable 24x7, which might make the home workstation less ideal. Another possible downside might be being inundated by requests/confirmations for accessability. But you could get around this with PKI, similar to the way you 'allow' content from certain keys to be downloaded or trusted implicitly in IE.
The other method would be a centralized Passport-like system, where most of the goodies are stored in a massive central database. I don't see the paranoid going for this, and I don't see the model deviating much from the current credit report type model that's in place. ie. you don't get to know who's accessing your data and for what purpose until it's too late. But I do see this as more acceptable in the business world because there is a single point of contact for implementation and sales of the system. There is merit in the idea that there is a single point of contact for failure, if that were to happen. This would definitely be abused though. Call it the cynic in me.
I would hope that both systems would be available and we could let the market decide which is best. Consumer choice is always the best option, as it keeps development brisk and customer care in an upright position. And there will always be issues that arise that we cannot possibly imagine until implementation time.
I used to enjoy these obvious baited questions by some corporate lackey. But now they are just about as irritating as a summer mosquito.
You think that data is important to you?...then guess what...YOU can be the one controlling how it gets used. The second you hand over that resbonsibility to someone else your screwed
Enjoy your technocratic society otherwise....its what you wanted, right?
I thought this might be useful.
"Unison is a file-synchronization tool for Unix and Windows. It allows two replicas of a collection of files and directories to be stored on different hosts (or different disks on the same host), modified separately, and then brought up to date by propagating the changes in each replica to the other.
http://www.cis.upenn.edu/~bcpierce/unison/
Instead of convergance, these guys are talking about using small, PCMCIA card size devices called "Point Servers" with gigabit UltraWideBand technology connecting to Various "clients" that would provide things like display, input, etc.
Looks pretty cool, and best of all, they're keeping the whole thing totally Open Source. I think they have a prototype using an ipaq sans screen, and a hacked up 100Mbit UWB setup.
SpamapS -- Undernet #Linuxhelp
Leave it to nerds to bicker over a problem that country music has already solved. The song you want is called "God is my Palm Pilot".
Can't recall who sang it though. Let me check with my personal organizer, and I'll get back to you.
Democracy. Whiskey. Sexy. Pick any two.
I appreciate your desire for being able to centralize all your data, but I'm afraid in the real world, it doesn't work like we might like.
So, in my attempts to centralize all my data, I used Netscape 4.5+'s Roaming profiles, along with a website that provided roaming-profile service for free (hey, it's only a few kb for each user, why not a free service?)
So, this worked fine from my home system... It would save the settings, and I'd just have to type in my password when I opened Netscape for the first time.
So, then I try it from work... It's a bit of a hassle because I have to got to the commandline, then launch netscape with a commandline option, then type in all the account settings (server, path, type, username, password) each time I was going to use a browser... You never know when you're going to want to bookmark something.
So, then I check my e-mail! Of course my service was pop3, so it would only exist on the machine where I had downloaded it, so there were serious problems there. Even with the option to keep the message on the server, there was a serious ammount of inconsistency...
Additionally, because of the firewall settings, I had to use a different SMTP server when I was at work, than I used at home. So, the roaming profile didn't work too well if I wanted to reply at work, but I could at least read it in my spare time, and reply when I got home right?
So I found an IMAP e-mail service, and began using that. It was much less reliable, had a smaller quota, etc. Did I mention that IMAP was blocked by our firewall? So no roaming e-mail for me.
We're just getting started. After using the roaming profile server for a few week, I opened a sub-folder of my bookmarks to discover a bookmark called "Transfer Interupted"... I realized that upon one of the sync attempts, the bookmarks were half-transfered, when the connection dropped. The server and Netscape didn't complain, so that corrupted copy was then synced up, and eventually overwrote all my backup copies (I had apparently been using the corrupt bookmarks for some time).
Then the next problem came along... Mozilla was not going to include roaming profile support. So even if I had wanted to continue, I couldn't.
So, my solution was simply to send copies of all my reasonable important data to my home server on a weekly basis (from my workstation at work, from my handheld, etc). When there is a problem, it isn't too much of a hassle to copy it back manually.
First you need to force each company to use the same format for all the settings that matter. Then you need to make it forward compatible, so things you can't even imagine right now, can be accomodated as needed. Then you need some way to automatically keep all the devices in sync (a server) that everyone will be happy to all use.
Some times you just have to do these things manually.
Of course, don't quite understand what you want, or why you want it.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
If the information would be encrypted on the servers, and only readable by me on my devices (with the right certificate), I could probably use such a service.
We use XTND Connect Server to sync out data, it has custom made clients for multiple platforms and new phones with syncml support can syncronize to it easily.
i'm not saying that this is the ultimate solution, but it is A solution.
Well in the interim Apple will soon release iSync which acts as an interpreter of sorts. Syncing your addresses, contacts, schedule, lists and more to and from PDAs, Cell Phones, the internet (any webDav server will do) and your computers. Looks interesting, guess we'll see.
Well I guess what yer asking for is Easier then World Peace :)
What a coincidence. I sent an entry on this very topic into the last Viridian design contest, but it vanished into a black hole in Bruce Sterling's email box. He later said:
;-)
"Sorry Simon, but your interesting Civil Society entry never showed up in my mailbox."
Oh well.
My proposal is to create a PIBank (Personal Information Bank) that's going to store all of your personal information and dole it to local systems at your command.
I secured it using one-time-password, two-factor authentication with RSA SecurID cards. The cool thing is that you can also have the PIBank generate one-time credit card numbers and so on to prevent fraud.
Someone mentioned profit? Well, it's just like a regular bank. Their number-one product is trust. Of course they'll charge a monthly fee and use your data in aggregate form
Go on, check it out.
home page
Just a word of caution if you use a "personal homepage" to do this.
Remember that the HTTP referrer header that is written to the web logs of sites you visit will reveal your "personal homepage" URL, so be careful if you store other information (such as friends email addresses or contact numbers etc.)
Well, at least not anytime soon. Trust me. I'm in the sync business. The solution is to have a multipoint sync feature that allows all your 'devices' to sync to a central point. Where that central point is should not matter. Trust your ISP? Host it there. Trust Yahoo!? Leave it there. Want to stick it on your home network? No problem.
/b
The next problem is getting the devices to talk with each other in a standard langauge...but that is not going to happen. you have to have an engine that can translate between the different devices. Take recurring appointments. Palm can handle certain features, Lotus Notes others and Outllok still others. What happens when you try and keep them all in sync? You have to allow for all the different capabilities. Not easy.
Then you have supported platforms. Just how many contact lists do you keep? For me I have the following...Palm, PocketPC, SyncML Phone, Outlook, Yahoo!, Hotmail, Evolution. That's seven different places to keep in sync. Then there are the bookmarks. I use Mozilla, IE, PocketIE, Konqueror and AvanteGo on several machines. I have bookmarks scattered about all of them.
Then there is filtering. Do you really need all of that information on one device? No. I only want my personal stuff on my home PC but both on my work PC.
PS: When I say device I mean a data point. I.e Outlook is a device Lotus Notes is one, A Palm is one, etc.
PPS: If someone says just stick it all online and access when you need it; Wake up. When you are 100 miles from the nearest cell tower and you don't have coverage...thats when you want access the data that you have only stored online.
[Please type your sig here.]
Can someone alter windows profile storage so that the average user can not just plug in one of these smart 64Mb USB media thingies and log on with all their mail messages etc? Or even better, one that will store it on any removable media drive so that PDA's etc can use it? And if not, WHY NOT? Oh, and if you worry about losing it, you always have a backup on your master computer, and should you try to hack the password, it'd have 1024-squillion bit encryption. And a guard dog. And four dead chickens... Ideas on a stamp addressed envelope.
You can find a list of web based bookmarking systems here.
This is a protocol for storing application configurations centrally. All you need to do is get your cellphone and PDA companies to support it. Hmm yeah. Not sure what the status of the project is at the moment though. Google for it, or read this white paper.
The main objectives of DotGNU are to build a webservices platform and a Virtual Identities system.
First you should solve the problem with Slashdot, which does not allow you to delete your account for example - and does not even mention this during the registration process. Next time when you decide to accept a submission related to YRO, first fix your own violations.
Who would make such standards? Surely Microsoft could give it a stab, and then extend it beyond usefulness. Maybe some of the existing standards are good enough, or could be extended (vCard, vCal, etc.).
As other posters hinted already, there is SyncML.
As for the vCard XML representation, it was devised by someone who didn't understand what XML attributes are for. These "special marker" elements inside other elements used to make some of us pull our hair out.
My exception safety is -fno-exceptions.
One note though, that would require an intermediary which magically one day we would all Need©. I don't like that idea. Do you like Microsoft? Their empire came out of necessity (and some stupidity). They threw together everything that was getting popular in one inexpensive product and ran with it. Now it's immensely hard to do create or write anything for the home PC market without going through them in some way (be it using their tools, apis,etc.), even if that is just a means to subvert their efforts. If this single point of failure were to be government organized, great. But now other countries would either have to set up their own service or pay to go through ours (no one works for free). If not, what company would you trust? Microsoft? Verisign? They all have their problems. Another existing company that you may have heard of, but John J. Bluecollar hasn't, why should he trust them more than Microsoft? Or, better, why don't we start a new company to do this. Well, now it's definitely a pay service, and as we've mentioned this service is something we all Need©, so they've got us by the balls. Granted that this company would be government (whose government? is this thing global?) regulated, but by that time, I'm sure it would have enough money to buy off a few senators, they don't cost that much, as we've found out.
There are just too many holes in this plan for me to agree with, and I've already given my personal information out many times.
--- What
The DOD even just put an expiration date on LDAP use. There's LDAPS now, a secure version. NOTHING new should implement LDAP if it's not internal - it should use LDAPS.
Carry it around and shove it into what ever device you are logging into ..
Or in the future, wireless..
Course if you LOOSE the card you are screwed.. But its a better alternative then putting all your information out in the world for all to see... and we all know anything is crackable..
---- Booth was a patriot ----
my dot yahoo dot com
I know it may not be the most secure thing in the world, but it's very handy for everything I need it to do. Email, bookmarks, notepad, calendar, reminders, addresses, palm pilot synchronization, and a customized homepage with quick access to local information (wherever 'local' happens to be).
Since I use at least five different machines during the course of the day, it's extremely useful for me. When I get to a new machine, I have instant access to pretty much anything I could need. Also with a bit of ad-blocking, pop-up killing, and (assuming a wintel machine) the addition of the yahoo and google toolbars, I can have full functionality on any PC I sit down to in no time flat. Again, not a solution for the paranoid, but I find its the most robust solution out there. YMMV...
You could probably get ZenWorks to do all of that right now and store it on your own server if you have an "always on" connection for it. ZenWorks is fully integrated with a directory service and is accessible via LDAP and XML. What more could you need?
Also see ZENworks Keeps Handheld Costs Down, Security Up
- Hail to our fearless misleader! Fool speed ahead!
I have been thinking a LOT about haing all my email, contacts, schedule, etc to be accessable from all my devices.
It is pretty easy with email and contacts, IMAP and LDAP. This also allows for a degree of sharing information.
Where is the calendar standard? Is MCAL/ICAP dead? I need a calendar server that can handle shared categories/folders and recurring events, etc. Then it is just a matter of having the software access multiple calendar servers just like email (i.e. work server, personal server, junk server, etc).
-Jaxn
P.S. if you know of a product or standard that does this or want help creating one, email calendar_AT_jaxn_DOT_org
Why not store everything on a flash media card they hold 128MB or so, or even use those usb keychains. That way you'll always have your information handy no matter where you are, just have to lobby the cell phone companies and pda's to support usb or flashmedia format. Also have to come up with some encryption plan and password scheme to keep prying hands out. Also a backup scheme, anyone scene my life on a disk??
I think what you want at the moment is Fusion One but then you wan tmore on top, hmm.
is a website. everyone makes their own website. you put all your information on that website. either you pay the host for extra security or you make the security yourself.
the data you are storing of your universal profile will need to confirm to a set standard. the UNIPROF (made up) standard. this way any joe and janet jooboojama with their various digivices can plug into that website download the profiles and whatever. make changes and upload them back.
you want to extend your profile to hold bank information? go to a bank. get them to plug into your profile. you control their access. they give you requirements and you give them tempo read-access to those required fields. they agree. and THEY hold the information that pertains to their stuff. why? because they dont trust you or anyone else to do their own security. that and they ultimately control access to the financial parts of your profile. your website profile gets updated and now has the extension to the bank. you plug into your profile access the financial section and it sends you to the bank. the bank asks for authorization or maybe even trusts you because you are using a trusted session (with crypto one-time-padiness to ID the session).
beautiful. and all the tech already exists. it even supports propietary systems like MS passport SO LONG as MS builds on the standard profile.
we write the profiles in xml. problem solved.
All the solutions proposed in the posting only address one aspect of the problem, mainly making it possible for a user to access his/her data.
I am interested in making it possible for a user to SHARE his/her data in a controlled and secure way.
The unfortionatly named .Mac consists of:
Web hosting
WYSIWYG Web-based HTML thingy
Email service
Network backup service
Antivirus
Greeting cards
If it were given that you could have an always on connection, or in a ipv6 scenario where everyone could have a static IP (and even a static subnet) then you could simply have a central server that associated a login name with a domain name or IP, and passed the password request onto the resolved machine. XML data could be passed when authentication occurs.
Your machine could have a daemon that returned your private data in XML wherever you were, the central location being your main box.
For instance, lets say that I want your medical records. I would go to the central registry and make a request. The central registry would reply that the information is stored at, say, the Mayo Clinic. I would still have to go there and jump through whatever hoops they present to actually get the data.
The definite good thing about this is that if you decide that you don't want to use the Mayo Clinic for some reason (poor security policies, impersonal staff, whatever), then you can designate John Hopkins, and future requests will be transparently routed there instead.
The potentially good thing is that the central redirector could implement its own security policies. For example, medical info requests should only be forwarded if they come from someone with a certificate signed by an appropriate authority (i.e. ama-assn.org and/or amerchiro.org).
The process would work a lot like DNS. In fact, I don't see any reason why the central server couldn't be distributed in a manner similar to DNS servers.
Nothing for 6-digit uids?
Interesting, I've been a business plan on this idea a while back. I can probably find it again and email it to you. We created a concept called duplicated objects that we created to simplify the process of creating multiplayer games. At one point, we tried to diversify the company and our technology would make it very easy to implement such a system. Therefore, I wrote a business plan and we tried to get funding. Just didn't worked, so we stayed focused in multiplayer gaming. You might want to look into duplicated object technology or replicated object technology. Instead of having your C++ or Java class instance bound to one machine, those systems allow you to have multiple copies, or duplicate on as many stations you require this instance. The system is responsible to synchronize all instances, so the application on each device can access data locally, and it is always up-to-date.
sounds like CVS would solve most of these problems.
-- Who needs windows and gates in a world w/o walls and fences?
I've been using Backflip since Blink.com went paid-only (and switch the domain name to blinkpro.com for it's paid service). Blink was excellent, best of its breeds. But $48 a yr is a little too much to ask for... $20-30/yr would be about right.
Blink was also unique in that:
1. It has WAP support
2. It copies link as aliases (if u change one bookmark's URL, all the alias copies gets updated too)
<B><A HREF="http://backflip.com">Backflip</A></B&g t; does the job for me ever since. Blink had sidebars for both IE and Mozilla, Backflip only have one for Mozilla. Backlip's search is still broken right now.
Even then Backlip has been essential to my life ever since Blink turned commercial. I keep everything in Backflip.
Ultimately we need a workgroup bookmark server that integrates with Mozilla or IE. Actually I'd just settle for a roaming server for Mozilla, I might even use Mozilla for all my email/newsgroup needs if it has roaming server support.
calling this a roaming profile is somewhat miseading. A distributed profile would be more appropiate.
What u are suggesting is that instead of a single sign-on service like Liberty or Passport, there should be a distributed model instead for your personal information, and each server may contain a portion of your profile (ie. what it needs to know).
That's way too much interoperatibility issues to deal with. Why not just have a standardized profile information (eg. in XML or Dublin Core or something)? encrypt it with your own private key for security. Credit card #s and such are preferably store in a separate file and with higher level of encryption. Store these personal profile XML files on your HD, sync to your Palm, save it on a USB keychain, etc.
If u think storing your personal profile on a single sign-on service is insecure, then storing it on 10 different servers only makes it 10 times more insecure.
The problem I have with OpenLDAP (or LDAP in general) right now is that it's not writable by most desktop email clients (OE, OL, Mozilla, Eudora, etc.) The only one I know of that can update LDAP is Evolution. And I particular need PalmLDAP sync. Until then I won't touch LDAP. Have u tried SyncML at all? I thought the whole thing died. Never heard anyone actually implemented SyncML.
I think it is a great idea in theory, the execution is difficult. I was thinking more along the lines of using a personal domain that would be hosted by web hosting company. It would be really an encrypted set of files or database that could be queries like a web service. The owner would have to register or allow different services like Home Outlook, Work Outlok your PDA, etc. to sync up with the list. This encrypted block of data could also be used to store files and host your email.