So in the course of my evening of NFC/ISO 14443 smartcard/platform/API “literature” review, I put Steve Yegge’s rant together with an analysis piece about what Google thinks about NFC, and came to an unfortunate conclusion. Google’s lack of NFC APIs, combined with them being the current best hope for getting NFC-enabled, ostensibly open smartphones into the mainstream, does not bode well. My project must be tempered with realism.
(Good) Middleware Takes Time
“The Golden Rule of Platforms, “Eat Your Own Dogfood”, can be rephrased as “Start with a Platform, and Then Use it for Everything.” You can’t just bolt it on later. Certainly not easily at any rate — ask anyone who worked on platformizing MS Office. Or anyone who worked on platformizing Amazon. If you delay it, it’ll be ten times as much work as just doing it correctly up front. You can’t cheat. You can’t have secret back doors for internal apps to get special priority access, not for ANY reason. You need to solve the hard problems up front.” -Steve Yegge, from his now famous accidentally public-facing Google+ rant on platforms
For some time, I have argued that spending the time to do a good service-oriented architecture is the right thing to do, especially in the identity management space. It takes a very long time to do this right, and the QA, health checks and iteration become more time-consuming than defining and writing the initial service. The monitoring for a good SOA becomes the unit tests, mocks, etc, and you end up doing right by your customers by eating your own dogfood. The problem is, in academic higher ed, a lot of time, there seems to be no extra time to spend. You have to do what you can with the time and resources you have. So you try to do the best job you can, and you try to use exiting service frameworks where you can, and make your own where none exist, if you can find the time to do it. That’s one of the reasons I like working where I do- I think people get why services and platforms are good, which you might think is truly amazing to find in a state-funded higher ed institution. The more amazing thing is that I think a lot of state-funded R1 universities get this, and they are getting it more all the time. See: Shibboleth, Grouper and COmanage.
It’s interesting that Google, Facebook, Amazon, Apple and even Microsoft seem to be doing “sexy” things that get a lot of attention. But the academic research institutions are doing a ton of work here, too, and while it’s not glamorous, it’s changing the world for the better.
Weekend Identity/Convergence Stream-of-Consciousness
I’ve been wanting to get a Galaxy Nexus phone for a while- as soon as I found out it was coming to Verizon. This summer I almost ditched Verizon for Sprint to get a Galaxy S 4G with an NFC chip in it, but held off because I knew this newer Nexus was just around the corner. I want to mess around with the NFC feature and see if I can make it store X.509 certs and act as an ISO 14443 smart card for things like workstation logon and door access. The secure element in the Galaxy Nexus is an NXP chip which supports a lot of different NFC protocols, but Google has been pretty open about their non-support for card emulation. This means there’s not a built-in way to handle this stuff yet. But then I found this: http://code.google.com/p/seek-for-android/
Neat!
For a while I was hoping that InfoCard would be a champion for identity selection and user-centric identity. Now I hope it’s smartphones. We’ll see how well this turns out. I’ll be happy if my wallet can go away at some point. It would be great to have payment, drivers’ license, passport, work login/door credentials, etc, all on the phone. Some people probably think that’s a terrible idea and maybe slightly Orwellian (Dvorak: http://www.pcmag.com/article2/0,2817,2395071,00.asp) but I think it just makes sense. The secure elements in these phones truly are secure, until they aren’t any more. By that time we’ll have other things to replace them, and probably lots of other things to worry about.