Archive for the 'Security' Category

Will “open internet” IDM Migrate Towards “trust circles” ?

Monday, January 21st, 2008

Eve (aka xmlgrrl) posted the following bit of musing today..

Circles of trust: disaster? or really bad idea?
http://www.xmlgrrl.com/blog/archives/2008/01/21/circles-of-trust-disaster-or-really-bad-idea/

..which I tend to think hits the proverbial nail pretty squarely on the head wrt “open internet”, “trust all comers”, and “trust circles”.
One very small, detail-level comment I have on her post is that where she writes..

(where users […]

New version of OpenID SAML comparison document

Monday, January 21st, 2008

I’ve done a modest editorial and copy editing update to the OpenID SAML technical comparison document announced earlier. Going forward, the latest rev will be available via this URL:

http://identitymeme.org/doc/draft-hodges-saml-openid-compare.html


(Draft) Technical Comparison: OpenID and SAML

Monday, December 17th, 2007

Over the past couple of years quite a few folks have asked me, and I’m sure others, “what’s the salient differences between OpenID and SAML?” So earlier this year I began hacking together a technical comparison of the two. It’s an interesting exercise comparing two Web SSO protocols, even one as ostensibly simple, and […]

PHP SAML 2.0 IdP launched!

Friday, September 7th, 2007

Andreas Åkre Solberg writes on his Feide blog..

simpleSAMLphp 0.3 is launched. Most interesting in this new release is the SAML 2.0 IdP functionality. The documentation is not covering everything in detail yet, but it should be sufficient to get something up running.

The simpleSAMLphp 0.3 package also features a Shibboleth 1.3-compatible SP written in PHP.

Debate on Cost Analysis of Windows Vista Content Protection

Friday, January 26th, 2007

Well, I’m using the term “debate” loosely here because it seems to me, given the marshalled evidence, there isn’t much of a debate to be had, but in any case, Microsoft has responded to Peter Gutmann’s cost analysis of the DRM subsystems in Windows Vista (which I’d written about earlier), and also in system […]

A Cost Analysis of Windows Vista Content Protection

Thursday, December 21st, 2006

Peter Gutmann has just published a fairly detailed examination of Windows Vista Content Protection. It is highly recommended reading in that it has non-trivial implications for essentially all personal computer users of any stripe…

A Cost Analysis of Windows Vista Content Protection
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt

Note that this analysis dovetails with Bruce Schneier’s overall “DRM is futile” piece from 2001…

The […]

Geek Alert: Start-up generates random numbers from space

Thursday, December 14th, 2006

Ok, so if yer hip to cryptography at least some, then you know that to do truly strong crypto, one needs a source of very random numbers. This is not all that easy, it turns out. If you’re unaware of this little subtle-but-way-important detail, check out Ross Anderson’s book Security Engineering and Bruce Schneier’s Applied […]

A SAMLv2 Relying Party PHP Implementation

Wednesday, November 1st, 2006

So Pat Patterson has pulled a nice rabbit outta his hat and concocted a SAMLv2 Relying Party Implementation in PHP! I’m going to have to play with this one…

Switching on the Lightbulb

Q&A on the OpenSSO SAML 2.0 PHP work


Ross Anderson’s “Security Engineering” book now online

Friday, August 25th, 2006

Ross Anderson’s excellent book, Security Engineering, is now online and free, as in beer.
Highly recommended reading.

Ross Anderson’s Security Research Group’s blog

Tuesday, August 1st, 2006

Ross Anderson, a founder of the field of Security Economics, who previously maintained an old-school homepage as his “blog” (similar to what I also used to do, though he did/does a way better job), is now blogging on his U of Cambridge Security Research group’s blog..
Light Blue Touchpaper
It, and Ross’ other web pages and publications […]