On the XARA vulnerability on MacOS X and iOS

Just came across this article:¬†Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X, by The Register. Since the news itself did not explain the nature of the attack well enough, I went onto reading the full paper: Xing, Bai, Li, Wang, Chen, Liao: “Unauthorized Cross-App Resource Access on MAC OS X and iOS” […]

Refactoring OpenID Connect Drafts

After the Berlin OpenID AB/C WG F2F meeting, I have been trying to refactor the Connect suites into more palatable form. I am supposed to create two sets of the refactored version. One for a granular split version and the other for a monolithic version. Some people like Torsten and Me push for a granular […]