There are multiple efforts that are going on to bring the federated identity to non-web protocols. At IETF, it is done in the kitten WG and here are projects like Moonshot that deals with GSS-API etc. That is the right way to go in the long run. At the same time, there is a question […]
privacy
Count Up API
As part of the PEAFIAMP project, we are supposed to come up with a way to provide the service providers (SP, RP) to find out how many times the service was provided to the entity. Note that I used entity and not identity here. An entity may have any number of identities, some of which […]
Registration of Attribute Server to the Authorization Server
As part of the PEAFIAMP project, we are now working on the Attribute Server – Authorization Server introduction. Here, “introduction” is done in the following steps: SP requests certain attributes to the authorization server, using the standardized (registered) vocabulary. Authorization server, since it does not yet know where the attributes lives, it asks the […]
More on the privacy enhancement project (now PEOFIAMP)
When I wrote the previous post (US$1.5M project to bolster the privacy and security of the cyberspace), the English name of the project was not yet determined. Now we have one. Privacy Enhancement for Open Federated Identity/Access Management Platforms (PEOFIAMP). Here is some more details translated from Japanese research prospectus. (Note, this is only the OpenID […]
US$1.5M project to bolster the privacy and security of the cyberspace
National Institute of Informatics (NII), University of Tokyo, University of Kyoto, and Nomura Research Institute have jointly won a funding from Ministry of Communication with regard to privacy and security enhancement of the cyberspace through SAML and OpenID Connect. The funding is approximately US$1.5M. The project lead is Prof. Nakamura of NII. It is a project that […]
Requirements to Digital Identity back in 2004
To prepare for the panel discussion at the Cloud Identity Summit 2012, I was looking back to my old blog posts. Then, I found this article “Requirements to Digital Identity” which was written back in 2004 in Japanese. Here is the translated version of it: (I have paraphrased them a bit to meet more modern […]
Analyzing Yahoo! Voices Password Leakage
Lot’s of articles appeared on the Yahoo! Voices’ password leakage on the 11th. Many people seem to be assuming that Yahoo!s password has been leaked, but to me it seems a little different. According to the press articles[1], it seem the password has been extracted from a service called Yahoo!Voices using SQL Union injection. The […]
Trusted Federal Systems now the NSTIC ID Ecosystem Steering Group Secretariat
I just got this message from NIST 20 minutes ago. Identity Ecosystem Steering Group’s secretariat was awarded to Trusted Federal Systems (TFS). The first in-person meeting of the Steering Group, tentatively scheduled for the week of August 13 in metropolitan Chicago. Virtual participation will be supported for those who cannot make it in person. Here is […]
Is Facebook “Like” button tracking you?
Since I am using it on this blog also, I probably should not talk loudly, but I feel creepy about the Facebook “Like” button. If you go to a site with the “Like” button when you are logged into Facebook, a Cookie like below gets sent. csm=2; xs=3:2bPC2V….; datar=eVE7TanyekLi2UeCWqCdYaUo; fr=0PBQNPwSEhxk3vCRg.RVUkbgel9qAjCByqVqRQ0lSpntc; lu=The17FfNt9Yc_hqg8eoWG04B; s=Ba98fsjdlw-QWvPeofj.BP_Wqm; c_user=1048138174; act=134500423456/1:0; sub=1; […]
Why “privacy” confuses people
Privacy, whether in the east or west, is a word talked in a vague sense leading to much confusion. In this article, I will try to clarify it from two approaches: etymology and legal literature. 1. Etymology of “privacy” According to Online Etymology Dictionary, privacy is a word first appeared in the 15th century and is composed […]