-
OpenID et al Security Economics
Steven J. Murdoch and Ross Anderson, in the very worthwhile “Verifi ed by Visa and MasterCard SecureCode: or, How Not to Design Authentication” assert: While other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology they got the economics wrong… To which I can only respond: “you wish. We don’t have…
-
OpenID Connect? Messina vs. Obasanjo
Chris Messina thinks the OpenID brand should come to mean a package of a number of related “Open Stack” technologies, called OpenID Connect, and start to compete with Facebook Connect. Dare Obasanjo disagrees: he thinks we only need an OpenID Connect if there were multiple incompatible implementations of Facebook Connect-like products from multiple players, to…
-
Smart Meter Security?
Seems PG&E is installing smart meters for electricity and gas in our neighborhood. They use some kind of mesh networking. Anybody know how they might be secured?
-
From 1 to a billion in 5 years. What a little URL can do.
It was at the end of 2004 when I decided to start telling the world about this silly little idea I had had about a year before: give every person on the internet a URL that they could use to identify themselves to any website. Fully decentralized, no permission needed from anybody, under control of…
-
The Credentialed Account Provisioning Anti-Pattern
I wanted to write about this for a long time. A wait in the doctor’s office has its uses … Here is an example scenario from the real world: Like many schools these days, my son’s school has a website where teachers enter current assignments and grades, and students and parents like me can check…