Upon2020 (archive)

Phriend Phishing

Everybody knows about phishing these days: the attempt by an attacker to trick a victim into revealing information to them by masquerading as somebody else. For example, a site called examplé.com might attempt to pretend to be site example.com. It is often initiated by e-mail, whose sender address can be easily falsified, and often works…

November 14, 2006
What kind of organization is the right one for OpenID?

Let’s assume that the OpenID movement continues its dramatic growth for a few more years, and instead of a dozen technology vendors supporting it for hundreds of sites and a handful of use cases, as it is today, we’ll have hundreds of different implementations on tens or hundreds of thousands of sites, applying it to…

November 13, 2006
Identity Management: Winner-takes-all or not?

The Ping blog quotes Mike Neuenschwander of the Burton Group on whether there’s a winner-takes-all opportunity in identity management: “Although vendors continue to approach the IdM market as a winner-take-all proposition, features of IdM make the market extremely difficult to dominate. For one thing, the resources that identity vendors aspire to control are politically fragmented,…

November 13, 2006
Jeff Jonas: Discoverability: The First Information Sharing Principle

Jeff Jonas wrote a good piece that makes the both profound and obvious point that: … information must be registered … or it cannot be located in any efficient manner. He writes from the perspective of within the enterprise, and from the perspective of setting up a separate "catalog" of information. But this very idea…

November 11, 2006
Tim Berners-Lee thinks OpenID is a good thing

In a blog post here, he says, in the context of reputation: The way quality works on the web is through links … it works because reputable writers make links to things they consider reputable sources … One’s chosen starting page, and a nurtured set of bookmarks, are the entrance points, then, to a selected…

November 3, 2006