Data ownership is a rather nasty topic: at a legal level, we have many rights related to data we create or that is about us: privacy regulations, intellectual property rights, copyrights and trademarks, etc. are all aspects of how society…
Category: Security
Trust is one of those concepts in IdM that are hard to define or measure, yet are at the basis of most of our transactions. There are a few different ways to look at trust or capture its essence, including…
When I read Larry Seltzer’s piece on H.R. S 773 IS, I fell into a constant nod about the issues he raised. In addition, I have two more: SEC. 11 (a): Lofty goals, but these seem rather obvious, since they…
Last year we announced an experiment at Sun: in order to gather more information about the operational characteristics of “user-centric” identity technologies, we decided to roll out an OpenID provider for Sun employees. This OpenID provider was intended to…
With the recent news about the DNS cache vulnerability, users are more exposed than ever to potential security attacks, including phishing or pharming attacks, that apply to OpenID as well as other network systems. For example, the ability to redirect…
I attended a meeting of the Hartford, CT, chapter of OWASP yesterday – James McGovern was kind enough to invite me there. OWASP is a group focusing on web application security, with a heavy emphasis on “application” (in contrast to…
Wireshark can decrypt SSL traffic as long as you have the server private key. This can be extremely useful if you have to debug HTTPS traffic and cannot use HTTP instead or put a MITM in front (e.g. Windows…
Here is a thought on privacy in Germany: it often appears that privacy protection is taken very seriously in Germany and citizens have decent control over who gets access to their personally identifiable information. I was under that impression myself…
This is quite astonishing: I am sitting in a public elementary school in Massachusetts, happily booting my laptop to finish reading some PDF document. After logging in I suddenly notice that my wireless adapter picks up a network: ‘linksys’. Amazed…
Today I sent a mail to OSIS-General on using OpenSSO for the Identity System/Selector that we are trying to build: We at Sun would like to offer/suggest OpenSSO (http://opensso.dev.java.net/) as an open source project within the OSIS framework. I believe OSIS…