|
|
Monday, March 31, 2008 - Posts
-
The IEEE Security and Privacy magazine just published an article I co-wrote with Nate Klingenstein and Leif Johansson on Dynamic SAML and how it can be used to simplify SAML deployments. Nate and Leif are two extremely knowledgeable federation and security experts who hail from the Shibboleth community. You can read the article online without a subscription here . It was both interesting and enlightening to work with Nate and Leif on this article as they brought an alternate perspective from the Read More...
|
-
I worked on this diagram of Identity Commons for a few hours last night. I hope it does a good job of getting across our loose distributed yet connected nature. Please let me know if you have ideas to improve it. Someone already mentioned that “standards” is perhaps a challenging word - maybe it [...] Read More...
|
-
I have a new theory on Data Portability. This theory (on Data Portability) which belongs to me is as follows. Ahem. Ahem. This is how it goes. Ahem. The next thing that I am about to say is my theory (on Data Portability). Ahem. Ready? Data Portability is a group of like-minded individuals interested in low-end video production. That is the theory (on Data Portability) that I have and which is mine, and what it is too. Read More...
|
-
Sprolling , v. , to quickly scroll through one's Spam folder looking for falsely maligned valid messages hidden amongst the offers to 'Be #1 for your Grl'. Read More...
|
-
Ping ID and Shibboleth release a paper on Dynamic SAML, a set of related proposals for streamlining SAML partner federation. Although it seems to me that the paper makes only oblique reference to it, in a previous post , Patrick Harding discusses the trust bootstrap question The fact that you trust the key in the meta-data and will use it to validate signatures of SAML messages is because you have separately established trust in the meta-data file itself. So obviously this begs the question – How Read More...
|
-
-
It took quite a while, but by now it is out. Please welcome the Windows CardSpace Information Card extensions for OpenSSO: https://opensso.dev.java.net/source/browse/opensso/extensions/authnicip/ When I started working on this last spring, I was not even hoping to see this released in open source and part of the OpenSSO extensions family in less than a year. It took the goodwill and talent of quite a few people to get this off the ground, but with the public release of this code and the upcoming Read More...
|
-
This is seriously groundbreaking: Clemens (also here ) just finished an example of a Metro client accessing Microsoft's BizTalk Services (aka Internet Service Bus). "Well", you might ask, "what is so groundbreaking about this? Isn't this what this whole web services thingy was supposed to achieve? Interoperability?!" Yes, indeed. However, this is the first time ever (to my knowledge) that Microsoft is releasing JEE code, built with Metro within NetBeans, as part of an SDK . Getting there took quite Read More...
|
-
This is seriously groundbreaking: Clemens (also here ) just finished an example of a Metro client accessing Microsoft's BizTalk Services (aka Internet Service Bus). "Well", you might ask, "what is so groundbreaking about this? Isn't this what this whole web services thingy was supposed to achieve? Interoperability?!" Yes, indeed. However, this is the first time ever (to my knowledge) that Microsoft is releasing JEE code, built with Metro within NetBeans, as part of an SDK . Getting there took quite Read More...
|
-
Everyone is feverishly preparing for the RSA Conference next week. We not only have OSIS Interop activities going on digitally, but RSA has donated us a room for Tuesday and Wednesday (April 8 & 9 2008) - the plan is to have working sessions for participants able to be physically present between 11am [...] Read More...
|
-
Does not imposing OpenID on new registrations serve to reduce user choice & control? Joining Ma.gnolia is easy: just sign in using an account you already have elsewhere on the web. Every RP has the right to decide how to authenticate it's users. If Magnolia (I refuse to use the cute '.') feels it obtains higher assurance or better controls risk by fully relying on 3rd party identities, full power to it (and if they wanted to go further and implement a whitelist of OPs, that would be their call as Read More...
|
-
You might have noticed that sometimes the security token on xmldap's relyingparty is not valid. The conditions on the token are not met because the time on the server was about 30 minutes off. Chuck corrected this immediately and I wanted to verify that the relyingparty there now accepts a security token produced by the latest openinfocard id selector. I quickly installed it, but booom; it failed. The line of code in question was unnecessary anyway so I cleaned up the javascript quickly; transferred Read More...
|
-
Discover Magazine explores the small world phenomena. Forget Osama, more interesting is me -> Eve -> Obama Barry is, as yet, unaware of the closeness of our relationship. I will update once we work through the current Secret Service 'unpleasantness' that is inhibiting the establishment of a direct connection between ourselves. Read More...
|
-
Just as Mike acknowledges a clear explanation of XRI, I will acknowledge the most concise history of web services I have ever read, Before explaining how this is done, just a brief word on the history of Web Services. Web Services are a suite of specifications that enable two (or more) different software systems to interact without knowing the details of the other’s technology. SOAP, the core specification, was released in 1998 and essentially defined a way to encapsulate data in XML. Since that Read More...
|
|
|
|