Category: Digital Identity

  • Sen. Wyden: Your data’s yours no matter on whose server it lives

    This is significant, and very welcome. US Sen. Wyden is quoted by the Washington Post as follows: “Some will still argue that by sharing data freely with Facebook, Google, Mint, Uber, Twitter, Fitbit or Instagram, Americans are choosing to make that data public. But that is simply not the case,” And he continues with one […]

  • Marcus Povey and PGP-based login

    Marcus Povey is proposing to use PGP/GPG to log into personal websites such as Known. Where have I heard this before? ;-) Oh, yes, LID, circa 2005, before OpenID etc. Here is how a digitally signed LID requests looks like, broken into separate lines for better readability: http://example.com ?lid=http%3A%2F%2Fmylid.net%2Fjernst &lid-credtype=gpg%20–clearsign &lid-nonce=2014-05-30T16%3A54%3A57.016Z &lid-credential=SHA1%0AVersion%3A+GnuPG+v1.4.11+%28GNU%2FLinux%29%0A%0AiEYEARECAAYFAlOIt%2BEACgkQsIOiz0BhWYZ9MACcCelf5T6XyywOZ5jVq3eyMw9m%0A8C4AoJ6Vz47PKR2%2FEvNqDkv7OWFyHdSU%0A%3DpVzh%0A where: lid: The […]

  • Is there anything about identity on the internet that’s not broken?

    We know that usernames and passwords are broken, password resets are, SSL certificates, hacks like certificate pinning etc. and many other things. Apparently even domain name ownership proof is just as broken: there seems to be no method to authoritatively determine whether somebody who claims to own a domain actually does. If somebody came to […]

  • Digital signatures on JSON payloads — let’s call it ‘jsonsig’

    I’m finding myself wanting to digitally sign JSON content, keeping the signature and metadata inside the JSON file, and I’m largely coming up empty looking for a solution that exists already. I only found: Camlistore: it signs JSON documents but creates an “outer wrapper”. It’s also a bit too specific to Camlistore for my needs. […]

  • On Mozilla’s Persona Post-Mortem

    There’s a great summary on the Mozilla wiki about what did and didn’t work about Persona, Mozilla’s attempt at a new identity protocol for the web. (Given the existence of that page, I’m not sure the project continues to be actively pursued? Techcrunch reports that Persona is dead.) Having been in the middle of the […]