Eve Maler, a.k.a. XMLgrrl and the SAML Lady. (Photos by Annie Laurie Malarkey)

Our new Geek of the Week, Eve Maler, has worked behind-the-scenes for years to improve the technical underpinnings of the Internet — helping to create the standards and technologies that we use to share data online while maintaining our privacy and keeping our digital lives secure.

Maler was one of the inventors of the Extensible Markup Language, better known as XML, one of a wide variety of technical projects that she has founded or helped to lead. Currently an analyst at Forrester Research, she’s a creative force and a member of multiple music groups who has been known to embark on epic cross-stitching projects when she isn’t working to make the web a better place.

Continue reading for Maler’s answers to our questionnaire on subjects including identity, data, and her many geeky pursuits.

Name: Eve Maler (nicknames: XMLgrrl, Carbgrrl, the SAML Lady, Hermione …)

Job, hobby and/or other geeky pursuit: My day job is principal analyst at Forrester Research, serving security and risk professionals. My main avocation is serving as the “chief UMAnitarian” (founder and chair) of the group creating the User-Managed Access (UMA) web protocol. My musical endeavors include being one-fourth of the band Mud Junket and, recently, joining the bass section of the A Cappella Joy barbershop chorus. My personal blog covers a weird hybrid set of topics: digital identity, cross-stitching, low-carb and paleo nutrition, XML, and more.

Coolest thing about what you do: I get to help make the world safe for selective personal data sharing. Can individuals achieve empowerment parity with big companies, so that they all can be effective controllers of the online data and content they “own”, with high standards of security and privacy? I’m working towards that end.

Has XML accomplished what you hoped it would as an industry standard and as a movement? 

Yes, I think so. I’m proud of what we created. The pattern we see over and over again is that new technologies make difficult tasks easier and cheaper for more people. Douglas Crockford has a great saying (specifically about XML’s inadequacies!): “The good thing about reinventing the wheel is that you can get a round one.” With XML we put the goodness of SGML‘s generic markup within the reach of individuals and small companies, and it continues to be used heavily in publishing and web services. In its turn, Crockford’s JSON is bringing user-controlled, programming-friendly data structures to an even wider community. That’s why I’m a big JSON fan, and why we use it heavily in the UMA protocol.

What are the biggest recent advances and remaining challenges in the world of online identity? 

The rise of social sign-in (such as letting users sign in to your news site with their Facebook accounts) is showing the benefits to businesses and individuals of working with external identity providers and attribute providers. OAuth provides the plumbing for this solution, as well as for controlling access to web APIs in general. OpenID Connect and UMA build on OAuth in various ways to provide capable identity and access management (IAM) interfaces that will still be familiar to web devs. As these specs mature, they will provide a formidable foundation for trustworthy identity- and privacy-enabled cloud computing. There’s still work to do around web transactions that safely carry very sensitive information (health data) and very high-value transactions (house purchases). Things will get really interesting as we see the “consumerization of IT” trend unroll for identity — first in SaaS apps, then deep within larger enterprises.

What have you learned so far from your Forrester gig, and how has it changed your perspective?

I’ve been at Forrester just over a year, serving business leaders responsible for IAM, authentication, and web services security at some of the largest and most influential enterprises on the planet. Some things I’ve learned: Regulatory compliance drives a ton of security spending, but also keeps organizations in fear of disrupting out-of-date legacy technologies. This ironically holds them back from using cloud services and enabling mobile device usage in in a more compliant and auditable fashion. Also, IAM in itself isn’t a strategic initiative, but business agility needs are forcing more companies to clean up their identity act.

What does it mean to you to be a geek?

A geek is someone who takes their pursuits to the nth degree with passion. I think of the guy who works at the cutlery store in my neighborhood as a “knife geek” because he knows and loves his stuff: he’s willing to get into the weeds on it at any moment.

Geekiest thing(s) you’ve ever done, built, or worn?

That I’ll admit to, you mean?

  •  There was the time in 1988 when my husband and I and another couple sent away for sewing patterns for ST:TNG uniforms (the first-season one-piece jumpsuits, not the one where you have to tug your shirt down in the “Picard Maneuver”), agonized over the accuracy of our fabric selections, and had a friend make up the uniforms for a Halloween party. I’ve continued to wear mine occasionally down through the years.

Your best tip or trick for managing everyday work and life: OmniFocus (from local company The Omni Group) is my best non-atom-based friend, and Getting Things Done is our shared philosophy. I have a huge set of Forrester-specific project checklist templates that I’ve shared with colleagues. This recent GTD blog post (http://www.gtdtimes.com/2012/01/02/are-you-a-perfectionist/) has proven to be very helpful to me, as I can take perfectionism to ridiculous extremes.

Mac, Windows or Linux? Mac.

Kirk, Picard, Janeway or Sisko? Picard. So handsome.

Transporter, Time Machine or Cloak of Invisibility? Cloak of Invisibility. Not sure if this is kosher in the Potterverse, but I actually own four wands, one of them handmade by a friend. Time to get a wand rack …

If someone gave me $1 million to launch a startup, I would … Launch an UMA authorization manager with the (as yet unavailable) Google+ Circles API, to let people put together sharing policies based on Circles access control lists, and call it CopMonkey. (CopMonkey is the group’s nickname for a hypothetical UMA AM. Long story.)

I once waited in line for … A chance to tell Barry Bostwick how much I loved him as Brad in Rocky Horror, even though he was making an appearance to promote some other (normal) movie.

Your geek role models (And why?): Tank Girl, at least as conceived in the movie. (Am I the only one who loves that movie?) She’s a tank geek! And utterly self-confident, and cheerful, and defiant.

Greatest Game In History: Merchant of Venus, a board game published by Avalon Hill back in the 80’s. We still play it now.

Best Gadget Ever: Keurig K-cup home brewer. I sing its praises every morning.

First computer: My dad sent me an Eagle II computer (which ran CP/M) during my junior year in college. I made money typing people’s papers and senior theses, and always right-justified the (monospaced) text using my spiffy dot matrix printer Because I Could — whether they wanted it or not.

Current phone: iPhone 4.

Favorite app: OmniFocus for Mac OS X and iPhone.

Favorite hangout: Marina Park in Kirkland.

Favorite cause: Free markets.

Most important technology of 2012: Open APIs.

Most important technology of 2015: The next generation of OAuth/OpenID Connect/UMA lightweight authentication and authorization infrastructure. It will materially enable the goal of the US National Strategy for Trusted Identities in Cyberspace (NSTIC): “Making Online Transactions Safer, Faster, and More Private”.

Words of advice for your fellow geeks: Don’t bother buying the Geek Wisdom book for some geek you know. They already have it. (This happened to me.)

Sites: 

Twitter:


Geek of the Week is a regular feature profiling the characters of the Pacific Northwest technology community. See the Geek of the Week archive for more.

Does someone you know deserve this distinguished honor? Send nominations to tips@geekwire.com.

[Geek of the Week photography by Annie Laurie Malarkey, annielaurie@geekwire.com.]

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.