Azigo A-go-goes

I’ve finally had a chance to use Parity’s Azigo Identity Selector, and I have to say I’m impressed.

Pretty huh?

Azigo’s biggest differentiating factor is the fact that cards are stored in the cloud — Azigo uses an Adobe AIR front-end to talk to your cloud-based cardstore and submit your cards.  Of course it doesn’t look any different to the user, until the user installs Azigo on a second computer, and discovers that their cards are ready to go, no importing required.

Here’s what I loved about Azigo:

  • Easy, beautiful installation script — Azigo is actually a really complex beast, right now there are several parts that have to be downloaded and configured, but the install script takes care of everything.
  • Pretty prettiness — The design is beautiful, it is a joy to see the fonts and colors and rounded spaces.
  • BEST PART:  there is a simple mechanism to group and organize cards according to function.   This is a feature I’ve been dying for for YEARS.  I can now finally separate my OSIS interop cards from my PamelaWare Test Cards from my ICF & PamelaWare Admin cards from the cards I’m playing with at various IdPs.

Issues I found with Azigo:

  • It takes a bit to initially understand the relationship between Azigo in the browser and Azigo the desktop application.  It took only a tiny bit of exploration to get things straight in my mind, but that could be a problem for less adventurous souls.  I understand that the desktop application will be going away in the future anyway, so this is a short-term issue.
  • There is a checkbox when you send a card to a site that asks if you want to just automatically send that card every time that site asks for a card – but there is no persistence to that checkbox, it defaults to automatic submission every time you use the card.   It drives me nuts to have to remember to click that checkbox every time.  I’m assured that this checkbox will become persistent in the future.
  • I found a few other bugs – which isn’t surprising, it just shows that Azigo will improve as people use the application in situations beyond initial testing parameters.  The friendly identifier didn’t correspond to that of the RP, and I had trouble uploading a card image.  Both of these have been reproduced now, and are on their way to being fixed.
  • As a feature request, I am excited to see what the Azigo folks can do with card audit data.  I can’t find any card usage/history data at this point, but hopefully it is coming.

Things I wonder about Azigo

  • I worry about the fact that the cardstore itself is protected by a username & password.  By putting the cardstore in the cloud, we end up having to protect the protection mechanism, and the one thing that we can’t use to do that is information cards…
  • I wonder if Azigo would license the code to people so that they could run their own cardstores?  I think there could be interesting possibilities in the Enterprise for something like this, perhaps you could do something wacky like combining existing privilege management products with Azigo.  In that case, a short-term user that you don’t want to provision an account to could get limited access to a cardstore containing an elevated privilege card.  This might be useful in the case for a real-life example where a given vendor has a rotating stack of 12 or more auditors, and you wish not to have to provision an account for this revolving door of people, but you want to retain contractual obligations and historical audit.
  • Because this service is available anywhere, it would theoretically be a juicy target for remote attack.  I would love to eventually see user-configurable additional security features in the case where the cardstore is accessed from new IP addresses or countries, or in the case where some threshold of acceptable authentications was exceeded.   I know this is advanced, but I think it would improve confidence in the security of the cardstore.
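
The checks wished for in the last bullet (access from a new IP address or country, or too many authentication attempts) can be sketched as follows. This is an added example, not part of the original post and not Azigo's code; the class name, thresholds and sample events are assumptions.

```python
from collections import defaultdict, deque

class CardstoreRiskPolicy:
    """Hypothetical per-user policy; thresholds are assumed, user-configurable values."""

    def __init__(self, window_seconds=600, max_attempts=3):
        self.window = window_seconds
        self.max_attempts = max_attempts
        self.known_ips = defaultdict(set)
        self.known_countries = defaultdict(set)
        self.recent = defaultdict(deque)  # user -> timestamps of recent attempts

    def evaluate(self, user, ts, ip, country, success):
        """Return the reasons this attempt needs extra verification ([] if none)."""
        attempts = self.recent[user]
        while attempts and ts - attempts[0] > self.window:
            attempts.popleft()  # forget attempts outside the sliding window
        attempts.append(ts)  # failed attempts count too, not only successful ones
        reasons = []
        if len(attempts) > self.max_attempts:
            reasons.append("rate_exceeded")
        # With no baseline yet (first ever login) there is nothing to compare against.
        if self.known_countries[user] and country not in self.known_countries[user]:
            reasons.append("new_country")
        elif self.known_ips[user] and ip not in self.known_ips[user]:
            reasons.append("new_ip")
        # Learn a location only from a successful, unflagged login, so a flagged
        # attempt can never add itself to the trusted baseline.
        if success and not reasons:
            self.confirm(user, ip, country)
        return reasons

    def confirm(self, user, ip, country):
        """Trust a location once the user has passed the extra verification step."""
        self.known_ips[user].add(ip)
        self.known_countries[user].add(country)

# Constructed sample events: (user, unix_time, source_ip, country, password_ok).
# IPs are documentation ranges; country is assumed to come from a GeoIP lookup.
SAMPLE_EVENTS = [
    ("alice", 0, "192.0.2.10", "CA", True),
    ("alice", 3600, "192.0.2.10", "CA", True),
    ("alice", 7200, "198.51.100.7", "CA", True),
    ("alice", 7260, "203.0.113.5", "NL", False),
    ("alice", 7270, "203.0.113.5", "NL", False),
    ("alice", 7280, "203.0.113.5", "NL", False),
]

def replay(events, policy=None):
    """Run events through a policy and return the reasons list for each one."""
    policy = policy or CardstoreRiskPolicy()
    return [policy.evaluate(*event) for event in events]
```

A non-empty result is the point at which the cardstore would ask for a second factor or notify the card owner; calling `confirm` afterwards adds the location to the trusted set.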

Overall, I have to say that this selector greatly exceeded my expectations.  Not only is the product really polished, but the people behind the product have been really responsive, making sure to address all of the issues I brought up to them.    Azigo has really made good on the promise of information cards here. For those who don’t follow this area closely, I suggest keeping your eyes on the parent company, Parity.  Parity has always been a leader with respect to mindshare in the area of information cards, but now their products are showing that they are not just up in the ivory tower.  They mean business, and they are going to raise the stakes.

~ by Pamela on 13 Jan 09.

3 Responses to “Azigo A-go-goes”

  1. Maybe Azigo allows only for password protection of i-cards because it’s an early version, and initial users will use it only for low assurance applications, like blog postings. Hopefully the next iteration will support stronger forms of authentication. I’m assuming here that the savvy folks who developed Azigo recognize that high assurance applications require stronger forms of authentication…..especially when the i-cards are stored in the cloud. Or do people believe that there are no high assurance applications that might benefit from i-cards? I hope not.

  2. As VP Infrastructure for Parity, I can assure the previous commenter that Parity takes security of “cards-in-the-cloud” _very_ seriously, and we have been doing a great deal of work to prepare higher-security solutions involving stronger authentication and other protections for the cardstore. Cards-in-the-cloud have many advantages just like storing your money in a bank instead of under a mattress has many advantages, but in both cases you must trust that you’re the only one accessing/controlling the information.

    =Drummond
    http://xri.net/=drummond.reed

  3. We’ve pushed out an update that fixes several issues including the non-matching friendly identifier. (Ours wasn’t wrong, just old. We were using the older PPID algorithm, but have now updated to match the ISIP 1.5 guidelines.) See the full release notes, including upgrade instructions, at http://www.azigo.com/release.html.
