Belated Seasons Greetings
Sorry for being so late in providing a season greeting this year. There were so many things to think about, and after an ll, we…
Lot’s of articles appeared on the Yahoo! Voices’ password leakage on the 11th. Many people seem to be assuming that Yahoo!s password has been leaked,…
View More Analyzing Yahoo! Voices Password LeakageI just got this message from NIST 20 minutes ago. Identity Ecosystem Steering Group’s secretariat was awarded to Trusted Federal Systems (TFS). The first in-person meeting…
View More Trusted Federal Systems now the NSTIC ID Ecosystem Steering Group SecretariatSince I am using it on this blog also, I probably should not talk loudly, but I feel creepy about the Facebook “Like” button. If…
View More Is Facebook “Like” button tracking you?Privacy, whether in the east or west, is a word talked in a vague sense leading to much confusion. In this article, I will try…
View More Why “privacy” confuses peopleIn the paper titled “Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services“, Rui Wang,…
View More Comments on Wang-Chen-Wang paper on OpenID Implementation VulnerabilityAs part of the exercise to see if OpenID Connect Messages 1.0 were written appropriately so that other bindings can be produced, Jun Eijima and…
View More OpenID Connect IdP on iPhoneSo, OpenID Connect provides a lot of advanced facilities to fulfill so many additional feature requested by the member community. It indeed is full of…
View More OpenID Connect Stripped down to just “Authentication” (aka OAuth Authentication)Andreas Åkre Solberg and Roland Hedberg from Fedlab opened a technology preview of the OpenID Connect Test Facility. It is publicly available now. Start right…
View More OpenID Connect Test Facility Preview AvailableSo, I will be a panelist in the following workshop. 2012 NSTIC/IDtrust Workshop: “Technologies and Standards Enabling the Identity Ecosystem” March 13-14, 2012 NIST –…
View More 2012 NSTIC/IDtrust Workshop Panel topics?So it seems there is a little bit of confusion around what needs to be returned from which endpoint among the readers of OpenID Connect…
View More The relationship between endpoint responses and response_type, scope pair