Supporting IMAP etc. poor-man’s way

Multiple efforts are under way to bring federated identity to non-web protocols. At the IETF, this is done in the kitten WG, and there are projects like Moonshot that deal with GSS-API etc. That is the right way to go in the long run. At the same time, there is a question […]

Count Up API

As part of the PEAFIAMP project, we are supposed to come up with a way for service providers (SP, RP) to find out how many times the service was provided to the entity. Note that I used entity and not identity here. An entity may have any number of identities, some of which […]

Registration of Attribute Server to the Authorization Server

As part of the PEAFIAMP project, we are now working on the Attribute Server – Authorization Server introduction. Here, “introduction” is done in the following steps: The SP requests certain attributes from the authorization server, using the standardized (registered) vocabulary. The authorization server, since it does not yet know where the attributes live, asks the […]

US$1.5M project to bolster the privacy and security of the cyberspace

The National Institute of Informatics (NII), University of Tokyo, University of Kyoto, and Nomura Research Institute have jointly won funding from the Ministry of Communication for privacy and security enhancement of cyberspace through SAML and OpenID Connect. The funding is approximately US$1.5M. The project lead is Prof. Nakamura of NII. It is a project that […]

Analyzing Yahoo! Voices Password Leakage

Lots of articles appeared on the Yahoo! Voices password leakage on the 11th. Many people seem to be assuming that Yahoo!’s password has been leaked, but to me it seems a little different. According to the press articles[1], it seems the password has been extracted from a service called Yahoo! Voices using SQL Union injection. The […]

Is Facebook “Like” button tracking you?

Since I am also using it on this blog, I probably should not talk loudly, but I feel creepy about the Facebook “Like” button. If you go to a site with the “Like” button when you are logged into Facebook, a cookie like the one below gets sent. csm=2; xs=3:2bPC2V….; datar=eVE7TanyekLi2UeCWqCdYaUo; fr=0PBQNPwSEhxk3vCRg.RVUkbgel9qAjCByqVqRQ0lSpntc; lu=The17FfNt9Yc_hqg8eoWG04B; s=Ba98fsjdlw-QWvPeofj.BP_Wqm; c_user=1048138174; act=134500423456/1:0; sub=1; […]

Why “privacy” confuses people

Privacy, whether in the East or the West, is a word used in a vague sense, leading to much confusion. In this article, I will try to clarify it from two approaches: etymology and legal literature. 1. Etymology of “privacy” According to the Online Etymology Dictionary, privacy is a word that first appeared in the 15th century and is composed […]