Apple’s answer to the in-secure use of in-app browser? — iOS 9 introduces SFSafariViewController
Apple forcing developers to use in-app browser instead of spawning Safari has been known as an extremely insecure practice for some time. There are many reasons that…
Author: Nat
JWS, JWT, and others now RFC!
It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT), together with other JW* suite finally are Standard Track…
Review Comments for draft-ietf-oauth-proof-of-possession-02
Proof-Of-Possession Semantics for JSON Web Tokens (JWTs) draft 02 has been under WGLC till yesterday (March 24, 2015). During the OAuth WG meeting at IETF 92…
Seasons Greetings 2014
Seasons greetings video as a replacement to a greeting card. The Christmas Song was written by Mel Torme & Robert Wells on a hot summer day…
Making a Javascript OpenID Connect Client in 4 steps
When John, Breno, and I started the OpenID Connect work, one of the targets was to make it as simple as putting two files on…
Autumn Greetings from Japan
Japan is now fully in Autumn. Leaves are turning and colours are beautiful. It is unfortunate that I cannot spend much time in Japan right…
draft 02 of OpenID 2.0 to Connect Migration is now available
OpenID 2.0 to OpenID Connect Migration (aka OID2 to OIDC Migration) is a spec that allows RPs to associate the old OpenID 2.0 identifiers to…
Public Review of UMA 0.9 is going on
June 24: The three main UMA Version 0.9 specifications – UMA Core, OAuth Resource Set Registration, and UMA Claim Profiles – are out for a 45-day public review period ending September 6 at 17:00…
New vulnerability on OpenSSL found
A new bug in OpenSSL was found by Masashi Kikuchi of Lepidum. It affects all versions of OpenSSL earlier than 1.0.1. For details, please refer…
Covert Redirect is not new but.. A risk analysis and recommendations
So, there has been a flurry of worries induced by the CNET and other articles [1] about “Covert Redirect”. Like Leandro Boffi wrote in his blog…