Bernhard Findeiss
Wednesday April 30th, 2008

What is “identity management”, and why should we care about it?

One topic that has gathered a lot of attention in the IT world is “Identity Management” (or “IdM”).
What is this topic, and why should everyone know about it (especially everyone surfing the web)?

Firstly, I want to point out that identity management is not a single topic in itself, but consists of a number of sub-topics which at first sight don’t seem to have that much to do with each other.

But I think it is quite important to consider the sub-topics in order to get to a common basis for conversation. Many people in this area concentrate on only one of these sub-topics, yet all of them call it “identity management”.

A classification was introduced during the EU-sponsored FIDIS project. It defined 3 classes of IdM-system:

Type 1: Account Management

This kind of Identity Management is mostly done by companies. Account Management covers all aspects of the employment lifecycle, from initialisation at recruitment, through changes in access rights when promoted, demoted, or transferred to another department, to deletion on leaving the company.
The main objective here is to provide all workers with all the access rights they need to carry out their work (such as email, internet, file access etc.), but also to revoke some of them whenever that is required.

This kind of administration is usually carried out centrally by specially commissioned persons (administrators). Self-service by users themselves is exceptional. Account management focuses on the reliable identification of persons (“authentication”), and the secure assignment of access rights to each person (“authorization”), not on privacy.

Type 2: Profiling of user data by an organization

Type-2-identity management is all about inferring a person’s behaviour, likes, and dislikes from a potentially massive amount of data. As with type-1-identity management, this is also carried out by an organisation. Here too, the focus is more on the reliable assignment of profile information to a person than on privacy.

Unlike type-1-identity management, however, profiling does not focus on the assignment of access rights but rather on gathering knowledge about a person (or a group of persons) by analysing available data.

Possible data sources for profiling can include publicly available information from the internet (which people inevitably leave behind in the course of time), but also systems solely built for the purpose of data collection.
Examples of such systems are the German “Payback” system (which traces people’s buying behaviour by giving them bonus points for each transaction), and the Amazon.com homepage, where you receive recommendations for new products based on previous buying habits. Credit card companies use profiling to detect card misuse (which is characterised by a different usage profile).

Today, there are a number of specialized search engines which use publicly available information from the internet to compile a profile of a person. If you want to try it out yourself, just surf over to www.yasni.de (if you are looking for a German), or www.spock.com, which focuses more on US citizens.

Type 3: IMS for user-controlled context-dependent role and pseudonym management

This awkwardly named type of identity management is the kind which all of us use if we want to control the kind and the amount of information we leave behind when we surf the web. In this way, a later profiling of your person can be prevented, hindered, or at least be influenced by your wishes.

This type of identity management therefore focuses mainly on the administration of your own private data, and of your own privacy in general.

This type of identity management will, in my opinion, draw much more attention in the future. People are starting to post even the most private matters on the web. So IMS can pay off today, for example if you don’t want to be asked, during your next job interview, about an embarrassing Youtube-video.

Already there are a number of companies whose business is to benefit their customers (for a certain amount of money) by correcting such “errors”. If you consider just how lavishly especially teenagers treat their private data (on pages such as Myspace, Youtube, Twitter etc.), this business model seems to have some potential for the future.

So far, I have given a brief overview of the three types of identity management introduced by the FIDIS project.

Based on this classification, we plan to publish a number of articles, treating such exciting topics as identity federation, context-based authentication or identity management with service-oriented architectures.

Many roads lead from Ottobrunn to Unterhaching. The fastest connection is about 2 km long. It starts at Unterhachinger Str. in Ottobrunn and continues to Ottobrunner Str. on the Unterhaching roundabout. You go straight from east to west, and on the southern side of the street, there is a (my) cycle path.

I have lived in Ottobrunn/Riemerling since 1990. Since 1992, when InterFace AG moved into the newly built offices in Unterhaching, I have regularly taken this route. It used to be a ride through beautiful countryside. The seasons changed as sunshine replaced rain, or wind was substituted by frost. When a southerly wind blew, the Alps seemed so near you thought you could touch them. The fresh air cleared the head. Next to the lonely rider on his bike, the cars put a slight damper on the idyll, but at least the traffic ran smoothly.

Now this has changed.

Both small and luxurious cars come with masses of fantastic extra equipment such as automatic regulation of distance to the car in front and lights that move as you steer. But none of them has an integrated rubbish bin, so their waste accumulates at the side of the street: bottles and tins, the remains of fast food, cigarette and medicine packing (once, I even saw an empty Viagra box), all kinds of domestic rubbish and whatever else is considered undesirable inside a car. And each day there is a new addition, which often reminds me of my beautiful vacation with Barbara in Greece back in 1972, when we went through Yugoslavia by car. In those days, we were upset about all the rubbish lying by the side of the streets.

As you arrive in Unterhaching, there is a chemist to your left and the inevitable discounter, both with enormous parking places. On the opposite side, you will find all the places absolutely necessary for survival, such as a solarium, a bakery and a pizza service. To me, everything looks a little American.

The street itself has been considerably widened. The same is true for the bridge under the Ramersdorf to Salzburg motorway. Increasingly, there is a real traffic jam during the rush hour. Formerly, when I used my car, it took me about half the time of a bike ride to Unterhaching, whereas now my bike is clearly the winner in that competition, because:

Four (!) sizable newly installed sets of traffic lights now stop the cars repeatedly during those two kilometres!

RMD

P.S. 1

Installing a new set of traffic lights, including earthworks, costs between 10,000 and 250,000 Euros, depending on whether we are talking about a pedestrian crossing or a really big crossroads.

When installed, a set of traffic lights needs the following upkeep (in Euros per year).

The maintenance of a complete set of traffic lights (dependent on its size) costs between 800 and 5,000 Euros (the crew calculates 1,000 Euros as an average per set of 3 lights).

Powering a set of traffic lights (also dependent on its size) costs between 350 and 4,000 Euros.

New lamps inside the individual signals can be estimated at around 1,000 to 1,500 Euros for the 3 lamps.

Source: Cologne city council.

P.S. 2

Here is an extra service for car-drivers:

Be careful when driving from Unterhaching back to Ottobrunn. The police know that many drivers like to “hop” traffic lights, accelerating massively between any two sets of lights. So they often set up a radar trap near the Unterhaching exit. Look behind the cemetery, shortly before the entrance to the tennis club if you want to avoid being asked to make a generous, involuntary contribution to the maintenance costs of all those traffic lights.

Roland Dürre
Sunday April 27th, 2008

What View of Humanity is Held by Modern Management?

Considering companies of all sizes, I have the impression that their bosses seem to have very strange basic beliefs. I consider here 8 assumptions that I have come across in my wanderings through the business world, which seem to be generally accepted.

Hypothesis 1:

Employees can be motivated by “Championing”, (best in class)!

If you ask, “how can you motivate employees these days”, this is the commonest answer. At meetings aimed to motivate staff, one hears phrases such as “We are the best – we are number 1”, or “Our aim is first place!”, or “We can survive in the market only as number 1 or 2 in the world”. Firms chase each other like this, whether in the computer or car industry. But watch out if one gets to first place; at once the grumbles start in the direction that it will be really hard to defend this status.

My Advice:

I am sceptical – perhaps it sometimes helps, but please don’t use it too often.

Hypothesis 2:

Employees can be influenced by style and marketing.

When a firm wants to invade new markets, the first thing is to find a new logo, a new company colour, a new elevator speech. The firm tries to get the employees to identify with the firm through an attractive new corporate identity. I think such methods give only a very superficial identification. There is a danger of producing a “fan culture” oscillating according to the situation between enthusiasm and depression. A healthy identification needs a functioning honest business culture.

My Advice:

Style does no harm, but is not much use.

Style is no substitute for business culture.

Hypothesis 3:

Employees can be influenced by clever slogans.

In elevators and corridors at big firms, we see placards with wise sayings. At the entrance, we are greeted by the company calendar with the motivating saying-of-the-month, (sometimes better, sometimes worse).

Certainly intelligent metaphors often sound good:

“To get a ship built, don’t recruit men to find wood, prepare tools, plan the work and allocate tasks, but rather inculcate in the men the yearning for the wide open sea”. (Antoine de Saint-Exupéry)

“Nobody is perfect, but a team can be”. (McKinsey)

“It’s not because it’s difficult that we don’t dare, it’s difficult because we don’t dare”. (Seneca)

or instead

“Train the fish to jump into the boat” (currently my favourite saying regarding sales).

Good sayings – in homeopathic doses – can aid motivation and orientation.

Bad sayings can lead to considerable cynicism. One sees in the elevator:

“With us, humans are central” (translated from German).

But the employees complete this with

so they constantly get in the way!

Is such wit desirable?

So please don’t hang wise sayings about the company culture on the wall!

My Advice:

Only use clever sayings in conversation or lectures.

Hypothesis 4:

Employees have no opinions.

Companies seem to see their employees as disfranchised people. Various bodies concern themselves with the beloved workers without asking them; not only management and the law makers, but also works-councils, works-security (particularly the modern outsourced variety) and even system administration, (password and email rules).

Often enough absurdities result. E.g. password rules (at least one capital letter and one special character) assist password breaking, since such rules of course reduce the password-space. Sure, that is a harmless example. Much worse for the company culture are cases such as when the works-council persecutes a worker who stamps out at 17:00, but then works till 19:00 (to avoid conflict with employment laws).

My Advice:

Encourage individual responsibility. Try to establish clear observed rules, by mutual agreement.

Hypothesis 5:

Employees are potential swindlers, corrupt and venal!

That hurts, but many firms really seem to believe that the world and particularly its inhabitants are very bad.

One can argue that time is a reasonable measure of work done. There may be no alternative. But must an intelligent adult with mature character really be required to stamp in and out in the morning and evening? Now, biometric access-controls and extensive identity management are coming too. Not only shops and supermarkets want total video-control, assuming that customers, employees and delivery people are thieves.

I know firms where managers are instructed to discuss with workers any time lost due to illness. In particular, a doctor’s certificate is often required, (whether or not that is legal), for one day’s absence, when the day is a Friday or Monday.

And the questionnaires for middle management concerning compliance remind one forcibly of the cold war, or of the fight against terrorism.

My Advice:

Step back; let’s start to build a culture of trust.

Hypothesis 6:

Employees can be controlled using planned bonuses.

That is another belief that seems to be widespread in companies throughout the world. Companies are horribly top-down planned-through, as if the planner can really judge in advance what is going to happen in the course of the year. This gives extrinsic motivation that is defined in detailed (but still simplified) form. Naturally, it is very unlikely that achieving the personal goal will really benefit the company. But then, at least one has a business plan that would have done credit to an East-German communist business. Sometimes the targets will be achieved, usually not, but afterwards enough reasons can always be found.

My Advice:

Go for clarity, distribute profits fairly.

Hypothesis 7:

Employees are interchangeable and entirely mobile

This too is a belief of the post-modern age. The catchword is “industrialisation of the working environment”. Experience of simple processes in the industrial world suggests that the requirements of people can be standardised. Then one needs just the right “skill-profile” to fit the “skill requirements”. The person at work is reduced to a collection of technical and social skills. This sins against the principle of human value. Management is reduced to the bringing together of the demands of the process and the corresponding supply of suitable humans. One speaks cynically of “body shopping”.

The requirement that the right skill must be in the right place at the right time, if possible from Sunday evening to Saturday morning, brings about the “modern nomad life”.

My Advice:

Don’t forget that people are humans and not machines. Lead, rather than boss and administer.

Hypothesis 8:

Employees can be infinitely loaded and have no families.

To be fair, this must hold for all, the management as well as the technicians. All must be permanently available and must react at once. No secretaries, to give us a bit of protection. Everything rains down on us, with no roof, important emails and spam, calendar queries without end. The mobile rings when we are already telephoning. And chat and SMS come in too. The bureaucracy envelops us, we must deliver numbers and reports. And much of what we have to do seems to make no sense; but we do it anyway.

The company is our first priority. That hurts most those living with their families. We all really should have no families. Personnel departments using “newspeak” refer to single mothers as “female employees with family background”.

My Advice: Remember that the families of employees are important stakeholders of the company.

But now enough of hypotheses …

I miss the conservative (old fashioned) motivation factors!

There is, for instance, the pride in the work done, the satisfaction with good results. Was it not a great motivation for a railway worker, to work in an organisation, where he could help to provide a punctual and reliable infrastructure as basis for a functioning economy?

How was the solidarity among employees of major German companies, with common aims and a feeling of welfare within the company? There were apartments and kindergartens for the employees. At year end, as well as the business results, a social balance was produced. Today there are share-options in place of pensions, a few winners and many losers.

We need enthusiasm for the job. This coupled with healthy common sense, which still these days keeps things from getting even worse.

My Advice:

Use intrinsic motivation, organise small-business structures.

How to go about it?

The basis of all communication and social life in a company is freedom from fear. There is a clear framework, which the employees fill by their responsible actions. There is enough freedom and clarity that everybody can decide what to do. There develops a constructive pleasure in bringing things forwards. The employees themselves decide how dedicated they want to be and choose the tasks that they then perform independently.

My Utopia – Freedom, Clarity and Team-structures!

This is how Open Source projects function

The participants themselves choose the themes that seem best to fit their skills and abilities.

They seek challenges in a field that fascinates them and that they want to learn about.

The motivation of every participant is thus intrinsic in nature.

The team member is simultaneously developer and user (customer) of the product, so usability cannot be avoided!

The organisation structure is simple and clear.

The project work follows clear rules.

The objectives are obvious.

The returns on successful work are fairly distributed.

That is surely the secret of success of many Open Source Systems – they function more or less within this utopia.

P.S. 1

I gave this talk (in German) on 22nd April at Augsburg University for AFW (Alumni, Friends, and Supporters of business lawyers) and on 23rd April in Munich at the Munich Technical University for Manage&More in “unternehmerTUM”. Through lively discussion, the listeners contributed greatly to the clarity of my views. For this I thank them gratefully!

P.S. 2

I shall be happy to give this talk (or another) in an academic context to more young people.


In 1966, aged 16, I began work at a transport firm in Gersthofen (Germany). Since then, I have carefully observed the behaviour of my workmates. I soon noticed that some of them hurried to record their arrival at work, but then lost the sense of urgency. A long toilet visit was followed by breakfast, important private phone calls, and study of the newspaper. One needs to know what is happening before launching into work (or starting anything else that matters).

These times are gone. Our demanding meritocracy prohibits such a life. Warming-up at the desk has now changed. For people with humour “Bullshit-Bingo” is a favourite morning sport, but ambitious colleagues avoid wasting time on stupid games. They give priority to detailed study of calendars.

One first takes a look at the calendars of any underlings; (control is better than trust!). Then one checks what the colleagues are up to. Then come the chiefs, the special friends and enemies, and of course other particularly interesting bodies.

Much intelligence is won for the strategic and tactical planning of one’s career.

It goes like this:

Why are Mr. Miller and Mrs. Jones meeting at lunch? What is Wainwright doing with the union? Why is my name there (wrongly spelled!) under “concerning” and why does Miller have so many private appointments, what is he up to? And the doings of Jones don’t suit me at all. And Cooper spends all his time in meetings. And our “Dr.” finishes every day at 5. Our Mr. double-barrel hardly has an entry; does he work at all? And look there, Smith, lunching yet again with the firm SuperConsulting. I must talk to the boss. Oh hell, he is booked up for the next three weeks! …

The reality is much worse than this! In big organisations calendars are often released to the whole firm. The staff and external workers, (who are often embedded in the firm), exploit this. They snoop intensively in the calendars. Confidential data are smuggled out. Despite maximum security efforts, that is hardly a problem. To avoid being caught, coded Zip with password is good enough.

It is hardly possible to escape this. Our lives are so dominated by technology that anyone who refuses to use an online calendar will be considered totally outdated, a dinosaur whose quirks interfere with the business processes. Access to one’s calendar cannot be restricted to selected friends. That will not be accepted by those outside the circle of confidants. Once some access is permitted, this permission can never be withdrawn. That would be seen as a clear sign of mistrust.

I am convinced that public calendars used in groupware are one of the causes of the bad vibrations in many firms. They cause people to form (mainly) wrong conclusions, quick suspicions and irrational worries and expectations. We all know that people like to develop conspiracy theories.

I ask everyone to check his own calendar! Are there entries that could confuse uninitiated readers? We hack our calendar entries (as well as our emails) into the computer, under time pressure and stress. A clumsy choice of words can have serious effects, causing our colleagues to have dumb ideas, and false assumptions giving rise to strange rumours.

Any confidential appointment marked as private, generates curiosity and mistrust; an ideal source of suspicion, the perfect seedbed for political manoeuvring, and an important cause of uncertainty and fear. Certainly not good for the company culture!

I question the practical usefulness of groupware calendars. Perhaps with no Outlook/Exchange there would at last be fewer senseless meetings …

RMD

Roland Dürre
Thursday April 17th, 2008

(German) Our new blog (RMD and friends) #1

Sorry, this entry is only available in German.

Roland Dürre
Wednesday April 16th, 2008

Computer Policy and Car Policy

Rules for Company Cars

InterFace AG has lots of company cars. An employee who needs a new company car can choose between four makes. If a high mileage is expected, diesel is mandatory. Otherwise it can be freely configured within a defined budget. The Company pays all costs. The employee’s private advantage is taxed in accordance with German law.

Personally, I have not used a company car for years. I don’t want to fall into the psychological trap of thinking that car travel is free.

There is even greater freedom in companies, (for instance car manufacturers), where the employees contribute to the costs of company cars. One can choose a fast sports car, a luxury limousine, a big SUV, or a practical compact car.

I know of no firm that requires every employee to drive a four door 2003 Golf, with identical accessories, maybe in order that the wheels and motors are compatible. But our rules for IT-equipment are just like that!

Rules for Laptops

Our PCs are standardised. Every employee gets the same configuration. No choice, the operating system is fixed for all; a particular browser is specified. The magic formula is “managed service”. It gives no freedom. Computer backups are performed centrally. This is intended to be a service, but becomes a straitjacket.

I regard that as outdated. Modern company software should function like the great web applications. For Wikipedia, Google, Ebay and email providers the operating system and browser are as irrelevant as the colour of a device.

Useful for the Company!?

The straitjacket harms the employees and the company. In order to cope with the resulting strategic questions, staff departments arise and consume more and more resources. Overheads increase, license costs explode, and unhealthy structures are cemented.

Our employees are forced to work with Windows. Then, in the evening they dive into Open-Source projects. They have doubts about the technical competence of the company, but, thank God, can mostly cope with this.

Culture Change

I have now allowed myself the luxury of replacing my four year old XP system with a MacBook Pro (having the nice name “Leopard”). This is a serious breach of our strict company policy, so I hereby make a voluntary public confession.

It is a treat – pure luxury! I take this freedom and balance this by spurning a company car. And perhaps the company policy, (all use Microsoft), is not very clever?!

For office software, I use NeoOffice. I back up my own files. There are super possibilities (Time Machine). I shall try to use the standard Mac tools for all activities (Email, Contact, Calendar, etc.).

I expect one or two difficulties. I still have to get used to some aspects of Apple. I tried without success to find backslash and tilde on the keyboard. I still have to port a couple of Word style sheets to NeoOffice (namely two of our company letter formats and the board minutes). And I have to bring my “contacts” across, a bit tedious, but it needs only a reasonably small effort.

And the calendar synchronisation with Exchange will no longer function. Outlook will not come onto my Mac. (That is also a theme where I have problems with our policy). But here there is also an advantage: Previously, only my employees, not my family and friends could access my calendar. (Take a look at Terminkalender-Post). If I now synchronise my Apple calendar publicly, they can see it too.

I won’t let anyone else touch my Mac; certainly no system operator!

RMD

P.S.

I was recently involved in laptop classes in Bavarian grammar schools; a gruesome experience! But that is a subject for a coming “Post”.