Living in a World of Connected Systems
A blog by Marc Mercuri RSS 2.0
 Sunday, November 13, 2005
Breakdowns with the human component of identity verification


I've had an interesting day today. Checked into the airport this afternoon, and had a debate with the woman at the counter about my reservation. I received my ticket and was surprised to see I wasn't sitting in business class.

The funny thing is, I had an itinerary and record locator that indicated that I was in business class, but our check in clerk claimed I didn't.

A quick call to her supervisor came back with a confirmation that I did not have a business class seat. The options - take a business class seat for another $200 Euros or take a seat in coach. There was some additional discussion on my part, but I was amazed at how uninterested and unhelpful this particular individual was.

Before leaving the desk, I requested that she use my air miles card from a partner airline. Her response, which struck me as a bit odd, was that there was no need, as I was a gold member.

I begrudgingly took the coach seat and made my way to security. While in line I was thinking about her comment about my being a gold member. While I'm gold on other airlines, this (and the partner) weren't one of them.

I rechecked my ticket.  Not sure who Vincent Mercier is, but he sounds a bit more French than this guy who grew up in Tewskbury, MA and knows just enough French to be either polite or offensive. I returned to the desk, pointed out the mistake and  had my business class ticket in hand.

When sitting in the airport lounge a bit later, I thought about what had just transpired.  Air France has asked initially for my passport, to check claims of identity. That claim wasn't used successfully by the requestor, and a secondary claim - my reservation locator - was provided. Again, this wasn't used. Without success, the workflow required an escalation to another service - the supervisor - and again there was a failure. Here it was based on the information provided by the initial requestor.

It stresses the potential for a breakdown in an identity valdation scenario which involves a human component. The difference between Vincent Mercier and Marc Mercuri is fairly  obvious, but the check-in cleark may have done some faulty pattern recognition based on seeing MERC in both.

Had this been a machine driven interaction, this would likely have gone flawlessly. A selection of destination city would have been used to limit the number of potential name matches and from that subset, the name would have been valdated either 1:1 or possibly with something along the lines of a Soundex).

What makes this breakdown of 'the system' incredibly alarming is that there was no validation of claims from that point forward - once ticket was in hand, I had free access to the system, boarded the plane, disembarked in Paris and am now in my hotel. 

Sure, I provided the token assigned by the airline (a boarding pass) at security - but there was no requirement/check of my passport.  If I had continued through with my initial, erroneously issued token (the ticket in someone elses name), I would surely still be in Paris eating the French interpretation of Cajun Chicken wings.

In this specific context, an identity breakdown has horrific potential. Suppose the mistaken identity had occured not with a guy less interested in connecting systems as disrupting them -  a terrorist.

There were no further checks for identity (intra-EU flights do not have passport control), so someone who slipped through the system could now be freely traversing France.  Given the political climate here in Paris this week (for those unaware, there have been riots and indivduals setting fire to cars in France), it's even more alarming.

With the recent move to self-service kiosks for check in, the mechanisms I mentioned earlier are helping avoid this issue. Introducing some of the technology used there in the human interaction piece (i.e. scanning of passports and system retrieval of information) would help solve the issue, surely.

But that answer begs different questions. We do quality assurance of the software systems, but how do we and how much time do we do testing of the human components in connected systems? And once you've established your test plan, and you go to 'rtm' of the process/workflow, how do your federated users report bugs? In this particular instance we're not talkng about a situation that results in some bizarre behavior in an IDE,  we're talking about international security in the heart of Europe. The clerk surely isn't going to tell her manager, as it points out big mis-step on her part.  There's no contact information on the boarding pass or airline timetable. Going to the Air France web site, I went to the link to their corporate office, which is entirely in French.  I'm on a hotel internet connection at 90 cents per minute, chances are I'm not going to spend an hour navigating their site to let them know about the issue, resulting in an open loophole in a frequently used workflow with potential for failure far, far worse than any blue screen.

In this particular scenario, the issuance of a false token was an 'honest mistake', but suppose that it wasn't.  Imagine if a terrorist cell had someone working behind the ticket counter, what checks are in place to prohibit <i>intentional</i> bad issuance or trust violations?

This isn't just with transportation companies, it spans verticals. For example, if John Smith is caught owing $200,000 in taxes, and the workflow for resolving this dispute is handled by Bill Jones who makes $20,000 per year, John paying $50,000 to Bill Jones to make this whole matter disappear happens. Depending on the country, it happens alot.

These example involved a relatively simple workflow, this obviously gets more complex when dealing with interactons that run multiple partners/parties deep.

If you have a business with a high volume of transactions or high value transactions with consumers or areas with complex workflows , how do you / would you handle these situations? What types of SLAs and legal terms do you have in place to handle scenarios where a human taints the system with a manual violation of trust in a federated scenario?Feel free to speak in the third person and without corporate identities, I'm curious how/if this is being addressed.

 

 

11/13/2005 9:33:20 PM UTC  #    Comments [0] - Trackback
Ideas | Identity | Technology Futures
Live in Amsterdam

I'm writing this from the airport in Amsterdam, I've got a few hours here before connecting
on to Barcelona, the first stop in a three city tour through Europe. For the next week and a half, I'll be visiting with customers and MS field in Barcelona, Munich, and Paris.

As I was disembarking from the plane, I'd turned on my smart phone and within seconds was attached to the local Orange phone network and downloading email from my colleagues back in Seattle. While waiting for my luggage, I was on the web, reading a blog.
 
A few minutes later, and I'm in the KLM lounge.  I flip open my tablet PC, and I'm on a wireless network. I'll be at my hotels today and later this week, all with wireless access. I've not checked on mobile service, but I think I'll be 'live' there as well.

It never ceases to amaze me the level of connectivity that's been put into place over the past 5 years. With connectivity so pervasive, I'm even more interested in our recent Windows Live and Office Live announcements that were made last week. 

Did you see them? If not, go over and check out www.live.com to see what's coming.

11/13/2005 8:42:34 PM UTC  #    Comments [0] - Trackback
Other | Live
 Sunday, October 16, 2005
Reloaded

Ok, so it's been awhile since my last post - about 3 months. Lots of things have happened in the interim, and I've decided to reboot the site.

So what's new?

On the professional front, I made an internal move from being a PM to an Architect Evangelist for the Longhorn Server Evangelism team. I focus primarily on Windows Communication Foundation, Workflow Foundation, and the Identity and Access Management technologies and how they're used in the Enterprise space.

I've also co-authored an upcoming book on Windows Communciation Foundation (WCF) with team mate Craig McMurtry (details to come), and have some cool demos/code I've put together that you'll see posted as the weeks, months go on. I also had the opportunity to participate in Microsoft's Professional Developers Conference, as a co-owner of the Ask the Experts session, writing some labs, and participating in one of the sessions.

On the personal front, I've dropped about 59 pounds with a little help from my friends at the 20/20 program over at ProSportsClub, and am targeting another 50 by next March.

For those rare few of you who subscribed to the blog before, you may have noticed that I've dropped the name 'whyanotherblog' and gone with the 'Living in a World of Connected Systems'. The original name seemed novel whatever late night I bought the url from GoDaddy.com, but in hindsight, was kind of lame :-) 

In the days/weeks/months to come, expect to find code, discussion, links, and screencasts on the latest and greatest stuff coming down the line. 

 

10/16/2005 7:03:52 PM UTC  #    Comments [0] - Trackback
Announcements
Navigation
Home
Categories
 Ajax
 Announcements
 Atlas
 Book
 CardSpace
 Code
 Context
 CRM
 Demos
 Gaming
 Ideas
 Identity
 InfoCenter
 Interop
 Legacy
 Live
 Mash-ups
 Meet
 Micro-ISV
 Open Source
 Other
 Presentations
 REST
 robochamps
 RSS
 Search
 Silverlight
 SQL
 Tafiti
 Technology Futures
 Trust
 Virtualization
 Visual Studio
 WCF
 Web Services
 Webcasts
 WF
 Wii
 WPF
 Xbox360
 Zune
Archive
<November 2005>
SunMonTueWedThuFriSat
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910
Blogroll
 Identity Blog
 Mike Jones
 xmldap.org
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2008
Marc Mercuri
Sign In
Statistics
Total Posts: 194
This Year: 32
This Month: 0
This Week: 0
Comments: 262
Themes
Pick a theme:
All Content © 2008, Marc Mercuri
DasBlog theme 'Business' created by Christoph De Baene (delarou)