Everybody knows about phishing these days: the attempt by an attacker to trick a victim into revealing information to them by masquerading as somebody else. For example, a site called examplé.com might attempt to pretend to be site example.com. It is often initiated by e-mail, whose sender address can be easily falsified, and often works…

Let’s assume that the OpenID movement continues its dramatic growth for a few more years, and instead of a dozen technology vendors supporting it for hundreds of sites and a handful of use cases, as it is today, we’ll have hundreds of different implementations on tens or hundreds of thousands of sites, applying it to…

If you and I met for the first time yesterday, we spent some time to learn about each other, and you see me crossing the street today, you will recognize me. Recognizing others is a fundamental human ability, and crucial for society to function. (Imagine if we didn’t.) It used to be that way at…

In my quest to learn more about the good stuff that other identity projects have come up with (and that often is subject to a NIH syndrome which I’m not a particular fan of), Drummond Reed has again been the target (victim?) of my questions. [The deal is that he answers my questions, but I…

He said: . If it doesn’t have a URL, it doesn’t exist. This happened to be in a hallroom conversation at Digital Identity World, in the context of URL-based digital identity. But his insight is much broader. The thought that immediately springs to my mind is Wag The Dog‘s "Of course it’s true; I saw…