Identity issues and modern exam techniques

The most important facet of a service that is offered by a examination body is to the general public, not the students themselves but those of us who will in time use the qualified professionals. For example If you use an accountant you don't just trust them with your finical data you also trust them with your livelihood. We need to know that when we extend our trust to an accountant, that they are adequately skilled and have been examined by a professional body to an adequate standard.

The modern examination process has come a long way from rows of desks with an invigilator sitting at the front. Examinations and the examination process itself have been upgraded.

The learner can use an on-line system to schedule when and where they would like to take an exam, the student then arrives at a comfortable examination center and sits down in front of a computer, the exam starts when they click and is controlled by a remote computer system that provides the student with a monitored and balanced set of questions. The adjudicator’s role is to provide drinks and to make sure that the students are not using their mobile to call friends who are googling the answers. Results are often provided immediately at the end of the test along with a breakdown of the student’s performance.

However this examination process has introduced a number of new problems, the most significant of which are associated with identity, and can be summed up by these three questions

• "who is going to take the exam?"
• "who took the exam?"
• "who does this exam result belong to?"

Imagine Geoff decides to become an accountant this is a possible journey that Geoff could take to achieve his qualification.


We start to answer the question "who is going to take this exam" when Geoff shows his interest on the web site, and we also encounter our first identity problem. How do you know that people who have signed up with us and are real, unique people? Has this problem been solved before? Back in the early 1990's it was technology companies such as Microsoft who developed the tools to make examinations a more enjoyable experience. They also introduced the new way of examinations for their accreditation programmes and so naturally it was they who first started to tackle these identity problems. Their solution was simply to create a database of people, all having user names and passwords; an identity silo. Independent from any governmental or quasi-governmental organisation, this solution is called by some Identity 1.0. To prove that Geoff is really a unique person, and that he really exists the web site needs to link the identity it has with an identity that is offered by trusted identity authority such as the passport or driving licence office. This is called Identity 2.0.

The next identity question "Who took the exam" comes when he is at the examination centre and needs to relate his exam result and his physical identity to the identity that he previously registered on the website when he booked the exam. A modern solution is to use a biometric measure to relate Geoff person to information that has been previously stored against him. Lets say we use his retina scan.


This basic biometric process is used no matter which biometric measure you choose to use. Biometric measure come in one of two categories physiological or behavioural.

The physiological measures are

• Face - Everyone has a face, but they are not as unique as you would think.
• Finger print - These are very unique but are very, easy to get round (search for fingerprint on youtube)
• Hand Geometry - Good all round measure to use
• Hand Veins - Are easy to circumvent
• Iris - Difficult to collect works very well
• Retinal scan - Very very difficult to collect but works really well.
• Face Thermiograph - Very unique, but change as people get older
• Odour - Difficult to collect but a good measure to use

The behavioural measures are

• Key strokes - Very very easy to collect
• Signature - Not a good measure at all, forgers have been working on this for centuries
• Voice - Not very unique
• Gait - Easy to collect, but also easy to imitate
  

If a biometric is used then it must also be noted that the patterns stored against a person need to be in a database, against a user name and password. Most off the shelf biometrioc solutions actually reinforce the Identity silo problems that existed before the biometric solution was put in, and often incur massive costs in the process.

Our third question "who does this exam result belong to?" is a tricky question, we may be able to relate the result to a set of finger prints or to a user name and password, but who really owns the exam result? Are they Alive? Have they been incarcerated for fraud? Have they been awarded the Nobel prize for science? Again an Identity silo exasperates the problem. organisations such as OpenID and OASIS are trying to solve this issue from a technical perspective.

Things have moved on since the Microsoft Certified Engineer days and nearly everyone is a member of hundreds of identity silos. Identity silos do work well for storing your shopping list or a set of favourites, but as a solution for things that are really important - they really don't work. The century has already seen the rise of identity theft, organised large scale credit fraud and global terrorism. You also have to ask another question,
"Is owning, managing and maintaining an Identity Silo core to my function?"
The answer can only be no. If you want to remove barriers to membership then every thing that detracts from this is just a cost, that will included in the exam fee.

There are many ways to authenticate a student, either via a shared secret such as a user name and password, via a token such as a smart card or a biometric device, but if these authentication solutions are used to populate Identity Silos then you will be left with dealing with all the associated problems.

The Identity 2.0 solution to this technical issue is to delegate the task of authorising users and consequently the owning and managing of a particular identity silo to a specialised provider. Specialist services such as on-line exam papers or multiple choice questions could be held on servers that sit behind the identity asserting authority. The exchange and interchange of identity information can be facilitated using the SAML (Security Assertion Mark-up Language) standard.

This architecture is about trust. The user trusts the asserting authority with their personal information, who will be a vendor selected for their trustworthy characteristics such as Veritas or Microsoft. This trust is again repeated by service provider who will have a number of services on the right hand side of the diagram. The biometric vendor has a common standard to deliver to and importantly this can be changed if their solution is compromised without a redesign of any of the services. In-fact examination body will be able to extend trust to its students in different manners according to the student’s status, role or geographical region. In countries that prohibit the storage of finger prints, smart cards can be used. Students who have graduated can login using their user name and password, but students who have not finished all their exams would need to use a finger print identification. As new features come into the public domain such as OpenId and cardSpace the solution can be extended in a single place the Credential Authority (CA).

In conclusion an Independent Asserting authority allows you to change your services and how your services are accessed without effecting your customer base, which will allow you to deliver faster as you don't have to maintain your identity silo and deal with the technical complexity associated with running one.

Most important of all is that your students only have to trust you enough to provide the services that you want to offer, i.e. they don’t also have to trust you with their identity, finger prints, retina scan, voice patterns ....

If an independent assertion authority is used, then the core service that you wish to offer can be developed against it with a well known and simple user name password or token style solution. If fraud, identity theft or impersonation then turn out to be a quantifiable problem then a biometric solution can be used without change to the previously deployed solution.

The one question not yet answered is probably the most important question and that is
"Is this person who says that they are certified really certified".
I.e. Can I trust Geoff with my finical data and my livelihood because the certificate on the wall in his office says so? and Is that certificate a forgery?What I need is the ability to check with the examination body that Geoff really is who he says he is and to do that the examination body must explore exchanging Geoff's profile information that it has stored against his member identity with an unidentified member of the public. A simple suggestion that may work without either Identity 2.0 or a biometric device can be achieved by the exam invigilator taking the student’s photograph during the exam and publishing the photographs on the website against the name that the student gave at the exam and the name on the qualification document.

References

Identity 2.0 Dick Hardt
CCCB How to hack a finger print reader
Biometrics wikipedia
OASIS technical council on SAML

why a high-tech innovation lead company cannot ignore SecondLife

1, the people
SecondLife is the most popular virtual world environment, the generation Y creative minds that it attracts are coding new streaming platforms, experimenting with new code patterns and making whole new languages, they are doing this because they enjoy it, this is the new high-tech resource pool, your competitors will draw from this pool, ignore these people and you will loose your commercial advantage.

2, the technology
The SecondLife grid is a contender for the worlds largest collaboration project, it is solving issues associated around fast data transfer, massive parallel processing and the distributed service that nearly all modern systems will face, their open source repository allows 100,000 developers to alter a single line of code to meet these demands, their automated build release and QA procedures are collaborative an easy, this is how future software projects will be run, this type of collaboration is the new school your competitors are learning how to deliver commercial projects using these tools and methodologies.

3, the business
SecondLife is only came to media attention in 2006 and yet it has already become the worlds 2nd largest online 3d brand it has a higher GDP than Israel, in the future training and education simulations will use virtual worlds, this will happen, Microsoft, Apple, IBM, Samsung, Nokia, google, BBC, Accenture, Reutiers, Garnter, CNN, Disney, AOL, Warner are all announcing 3d worlds products. Virtual worlds and serious games are going to become a part of everyday life, in fact if you look around you will realise that they already are,

In 1977 Ken Olsen said “There is no reason for any individual to have a computer in his home” 5 years after this I was exchanging games on C15’s with my friends, and Bill G’s MSDOS was finding its way into every office in the world.

Today’s 11 year olds are making avatar behaviours, functioning 3d machines and architectures, with the accelerated rate at which software and hardware products can be brought to market it can be expected that that consumer facing solutions will interface with a virtual world in some way. I would expect this to happen within 5 years. The high-tech company that looks to the horizion will surf this wave and have really good fun doing it, those that don’t will just have to do what they can to jump on the wave as it crashes around them.

note::i know that its a misquote !

A window on the Virtual World

The latest real news from the virtual world is that Samsung have ported the SL client onto their high end mobile device, or so Richard Banks comments on his blog. This allows us to walk talk and blog in first life and Second life all at the same time. I guess this make its 1.5 life or even 3rd life. However this is not the first time that a commercial virtual world vendor has attempted to exploit the mobile device, Habbo announced this with Nokia back in November, and Microsoft (In my mind the organisation most capable to achieve this) have a work stream in
their social computing research group to do a similar thing.

The consumer device and media industry's view is that this is a good thing. The media companies, virtual world companies and mobile carriers all get new exciting ways to make money from the teen demographic. The only losers are traditional mass media companies, more time in a virtual world consuming media is less time in this buying disks that become obsolete as you take them out of the packet.

At the Barcelona TV evolution event last year I heralded "personification of consumer devices", where the operator would invite the consumer to interact with the device as if the device were a person, this is already happening with some online media brands but has yet been translated to a physical device dependant brand. Software developments that allow small devices to perform the polygon rendering needed to make a virtual world an exciting experience will ultimately unlock the mobile device allowing it behave as window onto another world, or a character that you can interact with directly.

A brief explanation of a headend and why its so important

Most cable companies have a DMC that stores all the movies, up and down links content and provides monitoring on input and out put. Each geographical region they have a headend. The old analogue headends were quite simple affairs, now they are massive complex installations.

The number of channels, number of concurrent VOD streams and number of internet connections that a cable network can provide is dependent on the number of multiplexers. The multiplexers live in the headend (a bit simplistic, but generally true). The Conditional Access (CA) system also lives in the headend.

The headend is the most expensive part of the network, it is often more expensive than all the boxes that it serves.

Get on your virtual bike

Back in 58 Willy Higinbotham demoed “tennis for two”, what he didn’t know was future games producers in the audience were dreaming of sadistic, gore ridden bloodfests. The games industry is the phenomenon of the late 20 century when spotty teenagers made mega bucks from a weeks work and multi million dollar companies were constructed over night. But for those on the inside its a different story … the games industry has another reputation, its really more cut throat than an 18 rated splatter house sequel. Young minds are ravaged, patents are broken code is stolen and companies are bought, sold and stripped of any decent ideas they may have had. This is because the number of people who buy games as a percentage of the population is less than 5% and the market is completely saturated, any game consumer has traditionally been fought over tooth and nail by some of the best minds of the centaury.

But, just as Willy had his day so have the “young white male” focused games producers. Games have changed and so has the games industry. Why fight for the people in the 5% when you can sell to the other 95% without any competition. The Xdream fitness bike is a really good attempt to sell computer games and virtual worlds to people are really into fitness, in the same way the brain training is aimed at the female market and dizzywood is aimed at the under 10’s. Nintendo has also just announced that the price of the wii fit has increased by £20, this is not because of manufacturing cost no no no … this is simply because demand is through the roof and Nintendo know that people will still buy it.

More than half of the worlds population now lives in a city, combine this with the big software vendors, governmental and games industries interest in the home, and you get virtual worlds connected into every part of your entertainment, Leisure and media consumption.

Use an image as a search criterion

I here by claim this idea,,
use an image as the search term "I want to find images like this".

UPDATE
Those crazy dudes at http://labs.systemone.at/retrievr
have just blooming well gone and made it :(
This weeks "Nice work" award goes to Christian Langreiter who did all this way back in 2006

Doing buisness in a virtual world

In the beginning Phil created a virtual world it was without form, and void; And Phil said let there be an architecture and there was the linden grid. And Phil saw the grid and saw that it was good. And so Phil saw rich teens creating avatars in Paris Hiltons image and thought ...
"hey I could really make a few bucks here".

Well thats how it all started. Making virtual money is more complicated nowerdays, Linden Lab founded 99 by Philip Rosedale now has a GDP above $500,000,000 and all the paraphernalia that goes with it, but the virtual economy is not just Secondlifes domain, no no, other virtual worlds such as Club Penguin and Habbo are milking real money out of the pre-teen demographic, and the big boys Disney, Sony and Warner are all about to wade in.

Techniques such ad pegging USD to game tokens, selling virtual relestate, charging for premium content and advertising into the virtual world either during user media consumption or in a specialised area are all helping to loosen our purses. Interestingly a major revenue stream is advertising, consumption is often rewarded i.e. you cant get the cute white Paris H. sunglasses until your avatar has eaten a virtual Mackie D.

We can expect to see new profit leveraging techniques soon such as exclusive content, brand splitting and targeting different consumer demographics such as mothers and the over 40's. I can only wish that the apocalypse happens before I find myself looking forward to taking a virtual bus tour to Snowdonia just so that I can get a virtual zimmer frame.

Green IT and the Prisoner's dilemma

Imagine you want to buy a data center ... you have a choice of 3 suppliers, all things being equal and above board, you will choose the supplier that provides the best kit and service for the lowest cost,.
simple?
no.

If you look at it from an entirely fiscal point of view, which ever supplier has the lowest cost has an advantage in winning the business, as they can provide a lower cost to their customer. But thats bloody obvious I hear you yelling. What stops one of our suppliers from behaving like a right bastard, abusing their work force and the environment? The answer is the state with its threat of the judiciary which representing us individuals and the other suppliers can remove that suppliers competitive advantage and even freedom. Overall everyone is forced to co-operate and by and by everyone more or less wins, in the places where the judiciary has the ability to impose its will.

Game theory describes situations like this as "The prisoners dilemma" the prisoners who default are the bad suppliers, and if everyone behaves (both prisoners and guards) then every one wins

Now apply this logic to the global green issue and climate change. Whichever country that pollutes has a commercial advantage because they have lower costs ... but ... on a global scale there is no real judiciary except the western military which is not powerfull enough to enforce fair play across the entire problem domain therefore the only state that the world can adopt is the Pareto-suboptimal solution. I.e. all nations default, and we allow the environment to collapse.

The only other stable state is a single world government.

Green research focused on HP and Sun,

Sun
Not very forth comming, if phoned they will direct you to the VAR, is messaged they will direct you to a random weirdo in a call center who will redirect you to the VAR! Sun Has a really good “reuse” policy for data center components, servers and other equipment.

Most importantly they are measuring power consumption to transactions which is the most important metric for efficiency to carbon emission.

Here is their public corporate carbon statement > http://www.sun.com/aboutsun/csr/report2007/eco/carbon_reporting.jsp

Here is the bench mark for the SPARC t2000 > http://www.sun.com/servers/coolthreads/t2000/benchmarks.jsp#21

HP
Very forth coming, great site with lots of information (but not transactions), and a nice flash animation of a tree. Most importantly they not only provide power consumption usage they also provide toxicological information and reuse help
http://www.hp.com/hpinfo/globalcitizenship/environment/
http://www.hp.com/hpinfo/globalcitizenship/environment/productdata/edsenterprise.html

Importantly, I could not find the per product manufacturing toxological or carbon cost from either sun or hp.
However both companies have a real focus on addressing the ewaste issue.

Apple Walled garden

After having designed so manny walled gardens, Ive got a special interest in this tech dirt article
"Apple's Walled Garden Will Hurt iPhone Innovation"

Apple have a history of releasing easily hackable software, I have even heard marketing experts say that this is a deliberate policy to drive penetration without putting the apple logo on innovations from the community. They were allowing software like ourTunes to exist and therefore drive the adoption of iTunes. Do you think that this is a serious attempt to limit the development community on the iPhone platform?

im just hoping that they call it the Walled Garden Information Services or WaGIS for short :)

Catholic reform - ideas for a bid for work

I kinda just doodled this. I thought it looked good, so it gets blogged. Ive got another one for "Which ERP tool would Jesus use" but I feel thats taking the mickey too much

How not to be creative

So the new job is really challenging my creativity skills, I was looking for ideas and new ways to present information, and I found this video. Very cool and enjoyable. It stopped me going and getting that Mac :). ill stick to my trusty ubuntu.

This guy is really making sense, and is echoing alot of the thoughts and issues that I have found working in the software community. I remember one project where an architect who was working in the billing and CIO part of the buisnes and I sat down and tried to work out how to do somthing. Well we came up with an idea I combined a couple of technologies with a couple of his technologies ... and we had a very simple way to pay for TV channels. but! my division and his division did not want to work together so although we made v1 a success v2 never happened. He left the company and so did I. The important thing is this. PFE - Proudly Found Elsewhere not Not Invented Here.

NASA's CoLab virtual worlds

What does NASA stand for? Not Another Secondlife Announcement. The egg heads, brianiacs and boffins at NASA have decided to boldly go where no other national space agency has gone before. This weeks announcement is that NASA have launched a second life project called CoLab … as in co-laborate. It’s a virtual laboratory where space enthusiasts can meet with NASA, share their thoughts and take part in “virtual” experiments, such as landing a pod on mars or having a go with a lunar rover.

And Its GREAT!

When Neil Armstrong stepped onto the surface of the moon it marked two massive changes in society, obviously mankind touched its second planet, however (and far more significantly) we saw the birth of global mass media. For many, as Neil Armstrong iconicly made one small step, they were taking a huge leap into the advertisers dream, imagine 1 billion consumers all seeing the same 30 second infomercial.

Nearly 40 years on NASA are looking to pull off the same stunt. A senior NASA PR guy has said “When NASA revisits the moon in 2012 we are going to take you with us”. They hope that landing on the moon again will be a big enough event to get mass acceptance of a virtual world experience.

Ever since my RSS reader picked this news up I’ve been trying to teleport to CoLab and last night I made it all the way through to their region, I even managed to look at the thrusters on an Apollo Saturn before my PC rebooted. The important thing of note here though is that NASA are demonstrating to us a new business technique, which is the opposite of “Not Invented Here”. Its called “Proudly Found Elsewhere”. Modern brands such as Lego, BBC or Google are actively engaging with their brand consumers, and making it fun for them to participate in the production of the brands products.

This is a brilliant and really open way to share information in an interactive way and entertaining way. The fact that space travel is still so incredibly popular that it can bring down secondlife is witness that NASA is a strong global brand. Additionally it shows that NASA’s values about openness and inclusively are still high on their agenda. Nerds in space? I do hope so, and I will certainly be one of them when NASA take us back to the moon

JIRA Confluence - introduceing social networking to the enterprise

I'm so into confluence at the moment. Ive got to try and keep a balance and not let it effect all my solutions.
Its by atlassian, who are a great company that are really driving the new development / content creation environments. http://www.atlassian.com/
Some great videos to watch, just check out bamboo … its really cool

also check this IBM dude http://blogs.ittoolbox.com/km/elsua/archives/introducing-collaboration-technologies-to-the-enterprise-is-a-challenge-and-how-a-critical-mass-of-early-adopters-can-help-12152

His blog makes loads of sense
Here is something else on XMPP (which is behind google chat, but can do loads more)

Ive not used the software he is talking about but have used Jive instead, but its all pretty much the same stuff.
http://www.process-one.net/en/blogs/article/introducing_the_xmpp_application_server/

this is a good read
http://www.atlassian.com/software/confluence/casestudies/dowjones.jsp

Word processing

Who would buy a word processor that dosnt contain the work "blog" in the dictionary?

King of the code

Julian made this song up about me when I left Chello, and frankly I am honored.I hope you find it as amusing as I do. (hosted by the internet archive)

My friend runs a great web site all about robots here
He is looking for ideas about how to make a surveillance robot work in a urban environment.
This is for the MOD grand challenge

Idea 1
Use a small hot air balloon painted black to float onto rooftops at night, deflate the balloon during the day, put a little camera onto it so that it can take pictures.

Idea 2
Hide a robot in a football or coke can and it can roll around the city listening to people and taking pictures.

Do you remember what was fun about buying a record?
It was listening to a song late at night on the radio, then writing the artists name down and getting down to the record store and buying it on the week end.

But what made it cool was talking about it with your fiends, dancing to it in the club and wearing the outfit.

This does not fit into the modern world, any chump can download whatever they want whenever they want, they can checkout the web sites telling you what to listen to and make sure that they have all the right music on their ipod. The fact that its not cool is killing the music industry, not the free downloads.

The listener wants to be a member of an exclusive club. They have to work hard to become a member of this club, i.e. you cant just pay for it.

Today's idea is for the music companies, it is "Limited availability".

In the past mass media age the exclusivity and segmentation of the audience was caused by delivery methods for the media, the awkwardness of buying (finding the shop, knowing the guy and ofcouse going to the gig) the right record accidentally created these micro clubs.

In the modern individual media age, the record company must use methods to digitally emulate this exclusivity. Sophisticated DRM solutions could allow record companies to only allow "cool" people to listen to the music. Teasers and advertising can be used to promote over traditional mass media channels, but to get the great tracks you must be a member of the club. This can only be done by creating hundreds of marginal record labels, Warner will never be cool.

Make a bash for the whole internet !!!
like wget but better