Amazon Dash, the Device Web, and Speech Verification

I purchased an Amazon Dash button recently. It’s a clever product concept and an example of a headless device that will be a major theme in the emerging Internet of Things movement.

The Internet of Things represents a massive shift in how we will consume services. I would assert that we will reorganize the existing Internet around three functional Internets:

  • The Web: This is what we know today. Constantly evolving, the complexity of services delivered to HTTP endpoint will increase, and as more web consumption moves to mobile, the interoperability of smartphone apps with web services will be transparent.
  • The Dark/Deep Web: This web already exists, it is beyond the reach of search or obscured behind secure and untraceable browser and domain technologies. Most often associated with illegal activity, the Dark/Deep Web will evolve to meet the needs of security and privacy, as well as conduct criminal activities. The Deep internet, that which is not obscured behind technology, it is simply not discoverable via search.
  • The Device Web: The proliferation of connected devices will overwhelm the traditional namespace. The devices that connect to the Device Web will be, predominately, headless. Lacking displays and traditional input modes, these devices will have speech interfaces, simple activation modes, and be tethered to a smartphone via a dedicated app.

My interest in the Device Web is what led me to spring the $5 for a Dash button. A Tide Dash button, we like Tide so what could be better than a simple push button replenishment mode? As it turns out, quite a bit.

dash1The Dash arrived in a simple package and activating the button was a simple process. I pressed the button and held it until the blue light blinked rapidly. Simple enough, just like a Bluetooth device.

With the blue light blinking, I went to the Amazon app that was already installed on my phone and found the “device” menu in the account menu. It was not immediately apparent because I was expecting a dedicated app, but when in retrospect it makes perfect sense the way they built this into their mobile app. I probably should have read the one pager that came with the device first.

The process of configuring the button is two parts, first adding the button to the network and then attaching it to a product option to purchase. The first part is interesting, the Amazon app forces my phone to drop the WIFI connection and form a direct connection to the Dash button. At this point, the app prompts you to select the network to connect the Dash button to. Dash then stores the WIFI password in the device, or in their cloud; it wasn’t clear where the password is being stored.

I wasn’t particularly excited about Amazon having my WIFI password in their network. To me, this represents a new front in privacy strategy because having access to my WIFI network opens up a lot of possibilities for Amazon that I would not endorse.

With the button configured I then needed to attach my product options to the buy button. At this point, my enthusiasm for this device went to zero. The number of products eligible for the Dash button are limited, and our preferred Tide option was not available. I detached the button from my account and put it back in the package. It will be a conversation piece now rather than a method for procuring laundry detergent.

When my six-year-old son saw the Dash button, the first thing he did was press the button, repeatedly. Had it been configured, I would be getting a truckload of Tide. Amazon has designed around this with the purchasing workflow, giving you the opportunity to cancel a transaction before fulfillment, but the problem I have with this is that I have to do it. The button itself does not discriminate between those in my household authorized to buy Tide and those that are not.

The Dash buttons would be significantly improved with a voice verification technology that responds only to an authorized and enrolled user. This authentication could be enabled with a fingerprint sensor but with current technology the cost of the sensor is an obstacle while adding a mic is trivial. Taking this to the next level, redesign the button to remove the button itself to enable Dash with a trigger phrase and voice verification to authenticate a transaction.

I love where Amazon is going with this, pushing the buying transaction out to the natural endpoint. I can envision this being evolved and improved with new technologies and improved backend integration, but I can also see this package being integrated into appliances. Not everyone wants to purchase exclusively through Amazon, so much like smart TVs now come preloaded with multiple streaming services, appliance makers could embed multiple retail options for the consumer.

The IAM Stack Refresh

Ping coporate logo 2014One of the reasons why I joined Ping Identity is that the identity market is undergoing a significant transformation as a result of changing user behaviors. The demands that mobility and APIs are putting on businesses, and how architectural limitations in traditional IAM stacks mean their relevance in the market will invariably decline. This is an exciting time to be in the security technology market and while I won’t claim that security is suddenly sexy, what I can say confidently is that customers are looking at identity as a strategic initiative for driving growth rather than something they need to cover the bases on for risk and compliance.


One particularly interesting opportunity for Ping is in the web access management (WAM) market, which has existed since the late 1990’s and features some very mature products. We are not suggesting companies turn off their WAM products and start over, and point-in-fact, the history of enterprise software is not rich with examples of things being turned off, at least not until the last device is turned off. What typically happens is that more modern products are implemented in parallel to extend legacy investments and eventually what happens is that the legacy products fade into the background and assume a maintenance orientation.

WAM solutions built on a 1.0 framework have declining utility in a world where the security perimeter is changing from firewalls to identity. If your approach to WAM is through a session token and a role-based authentication process, you are not well equipped for the environment that customers find themselves in today. It is with this backdrop that we launched PingAccess last year, but this product is just one piece of a broader strategy to deliver federated identity solutions for web, mobile and API usage that meets the needs of companies in customer, workforce and extended supply chain scenarios. Read more about PingAccess in David Gorton’s latest blog – ‘The WAM Identity Gateway That Can‘.

Mobility and device proliferation impose architectural limits on WAM 1.0 products… but rather than turn those things off, the better strategy is to implement Ping Federated Access Management to manage identity and sessions with standards rather than proprietary tokens.

By unlocking dependency on specific vendors, Ping Identity has the opportunity to lead a generation of ‘IAM refresh’ that will put stack vendors in a box that they cannot break out of with the existing architecture and product portfolio they bring to market today. The Ping Identity advantage of implementation flexibility and speed is coupled with a standards-based approach in a superior architecture and that has real value for companies looking at their mobile strategies and ecosystem enabled services driven by APIs.

CA, IBM, Oracle, et al are not standing still. They are adding mobility and API support into their product set, but the Ping Identity architectural advantages and our proof points for speed, cost and reliability are substantial. Another way to think of this is that if you evaluate products on the basis of who checks the most boxes, you will invariably end up buying the product with the most bloat, not the one that meets your needs today and tomorrow with speed, cost and deployment advantages.

Here are a few examples of how you should consider Ping Identity against stack vendors:

  • Support for mobile browsers and desktop as equal classes. We support user access to apps from any device.
  • REST API deployment model. We use next-gen standards that eliminate the need for a username and password for every app’s authentication and authorization.
  • Administrators have the option of building their own tools because we built the products on a modern API for the administration of the platform.
  • Self-service onboarding for apps. We eliminate the reliance on IT.
  • Federation everywhere. It’s where we came from and influences everything we do.
  • No proprietary tokens. We use standards and this increases integration options while reducing integration cost (friction).
  • No vendor lock-in. An example of this in action is how we use upgrades to deliver new features rather than require the upgrading of agents to maintain support availability.
  • Scope-based access control at authentication rather than role-based, an example of the architectural distinction.

We put together a solutions brief on web and API access management, if you are interested. I know this sounds spammy and anything labeled “solutions brief” is suspect on the basis of being labeled “solutions” however there’s a lot of good info in here and our marketing approach in 2014 is summed up as “be the best answer”.


Identity and The Rise of Borderless States

I had this conversation with @andredurand a few weeks ago. What services does a government provide?

– Identity
– Central bank-backed currency
– Law-and-order (optimally in equal proportions)
– Defense

Of course there are more but many of the things we associate with government, e.g. social services, are in fact choices that a citizenry has made rather than a core obligation of government as a necessary means to govern. So the question now is whether or not we are entering a phase of a pseudo-borderless form of governance where people self-associate according to fluid social preferences and needs. The reason I am inclined to think this is not only possible but probable is that two of the core services that government provides are being undermined, the first by their own actions and the second by technology.

Currency is increasingly disconnected from economic conditions and central banks are demonstrating on a daily basis that their ability to affect currency is tenuous at best. The rise of Bitcoin is presenting a viable alternative currency that has many of the attributes of central bank backed currencies, namely a liquid market to trade. Games and social networks have similarly organized and promoted virtual currencies that can be arbitraged against non-virtual currencies.

Identity, on the other hand, is increasingly being driven by technology and at CIS the various talks about 3rd party verification services really stimulated my thinking on this. What if government-backed identification is no longer the gold standard for proof of identity? What this would mean is that the ability for governments to authenticate identity for transactions and contracts would be undermined and we would be one step closer to borderless states.

I have no way of assessing probability to any of this but the one certainty is that the pace of technological evolution is accelerating and with it comes dramatic social change that has implications well beyond the product and service capabilities by themselves so if I were to think about what the world looks like in 30 or 50 years, I am not sure I would discount any of this.

Speaking of 50 years, this article in American Banker really drives home the point about how identity is informing future businesses in ways that are entirely disruptive to traditional business models.

Fifty years from now? In her excellent and thought-provoking Long Finance report on the future of financial services, Gill Ringland rather memorably said that the citizen of the future would need the critical resources of an identity, a credit score and a parking place in order to function. If that’s true – and I certainly believe it to be the direction of travel – the bank’s critical role will be built on the customer identities, not their deposits. The vaults will not be stuffed with material valuables, but with the most valuable asset of all: personal data.

More on this topic (What's this?)
Daily ETF Trend Report – Currency
Forex Fundamental Analysis
Read more on Currency at Wikinvest