Internet Identity Workshop #11

I sampled the program of the 11th Internet Identity Workshop (unconference) held at the Computer Museum in Mountain View (the 2nd this year, see my notes from IIW10, also in MTV).

OAuth 2.0:

  • The spec still needs work on the Security Considerations section before it can be finally approved. Contributors are sought
  • Some early adopters have voiced issues around endpoints supporting both 1.0 and 2.0 profiles at once
  • Mike Jones has taken over part of the spec process (bearer token), which will be packaged as a different profile (and RFC)
  • JSON Web Token (JWT) defines a specific token format. The claims in a JWT are encoded as a JSON object, which is digitally signed
  • Are the lessons learned from SAML usage being properly leveraged?
  • What would it take for OAuth to be adopted in the enterprise (Kerberos being the obvious benchmark)? What’s missing in OAuth to pass enterprise or DoD vetting (e.g., what’s the minimal entropy for the verification code?)

OpenID:

  • Several reports on user experience testing
  • PayPal described its experience as an OpenID provider. They contribute high-quality identity datapoints like a verified/certified shipping address. A client can override the shipping address, but doing so affects the risk rating
  • There’s now an OpenID retail advisory committee (RAC)
  • OpenID Connect (OpenID redux atop OAuth 2.0) is a WIP to extend OpenID by bringing profile, data, etc. (like portable contacts and activity streams) along across sites

Microsoft’s U-prove certificates:

  • The intellectual property stems from the credentica.com acquisition 2 years back
  • The protocol specification was published in March 2010 (RSA conference). There exists an open source SDK
  • It’s a new kind of certificate which permits thinning of the claims therein, while preserving the capability to cryptographically verify them
  • Value props include: minimal disclosure, derived claims (e.g., from DOB to 21-or-older claims), unlinkable claims (like coins, unlike bills), negation claims (I’m not in that list)
  • Proponents anticipate an ecosystem that works for gov agencies (e.g., DMV), enterprises, consumer, devices

Personal data stores (PDS):

  • It’s the utopian place where I could manage all web data concerning yours truly, whether it’s stored by value or by reference
  • Example: my search results going back 1 or 3 years
  • Value props include: empower consumer to manage data value chain (or purposely delegate the same); centralize and enforce a permission regimen (e.g., mint nonce to access my PDS); find like consumers; data portability and exchange across multiple PDS; high-quality and quicker scoring

Email is not dead just yet:

  • Idea: use it as the pervasive, common denominator transport (SMTP) and repository (folders) for seamless federation of social networks
  • Key concepts demonstrated in the Mr. Privacy research effort by the MobiSocial team at Stanford
  • Webfinger resolves an email address into a set of machine-friendly service endpoints
  • Inbound email can result in an extensible set of action handlers (like calendaring or Xobni already leverage)
  • Potential use of OAuth for folder-level access
