Archive for the 'Security' Category
Monday, January 21st, 2008
Eve (aka xmlgrrl) posted the following bit of musing today..
Circles of trust: disaster? or really bad idea?
http://www.xmlgrrl.com/blog/archives/2008/01/21/circles-of-trust-disaster-or-really-bad-idea/
..which I tend to think hits the proverbial nail pretty squarely on the head wrt “open internet”, “trust all comers”, and “trust circles”.
One very small, detail-level comment I have on her post is that where she writes..
(where users […]
Posted in Identity, Security, SAML, OpenID, Trust, Deployment | 1 Comment »
Monday, January 21st, 2008
I’ve done a modest editorial and copy editing update to the OpenID SAML technical comparison document announced earlier. Going forward, the latest rev will be available via this URL:
http://identitymeme.org/doc/draft-hodges-saml-openid-compare.html
Posted in Identity, Security, Public Policy, OpenID, Protocols | 1 Comment »
Monday, December 17th, 2007
Over the past couple of years quite a few folks have asked me, and I’m sure others, “what’s the salient differences between OpenID and SAML?” So earlier this year I began hacking together a technical comparison of the two. It’s an interesting exercise comparing two Web SSO protocols, even one as ostensibly simple, and […]
Posted in Identity, Security, Public Policy, OpenID, Protocols | 3 Comments »
Friday, September 7th, 2007
Andreas Åkre Solberg writes on his Feide blog..
simpleSAMLphp 0.3 is launched. Most interesting in this new release is the SAML 2.0 IdP functionality. The documentation is not covering everything in detail yet, but it should be sufficient to get something up running.
The simpleSAMLphp 0.3 package also features a Shibboleth 1.3-compatible SP written in PHP.
Posted in Uncategorized, Security, SAML, Software, Open Source | No Comments »
Friday, January 26th, 2007
Well, I’m using the term “debate” loosely here because it seems to me, given the marshalled evidence, there isn’t much of a debate to be had, but in any case, Microsoft has responded to Peter Gutmann’s cost analysis of the DRM subsystems in Windows Vista (which I’d written about earlier), and also in system […]
Posted in Security, Public Policy, Usable, Analysis, Economics, Engineering, Crypto, DRM | No Comments »
Thursday, December 21st, 2006
Peter Gutmann has just published a fairly detailed examination of Windows Vista Content Protection. It is highly recommended reading in that it has non-trivial implications for essentially all personal computer users of any stripe…
A Cost Analysis of Windows Vista Content Protection
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
Note that this analysis dovetails with Bruce Schneier’s overall “DRM is futile” piece from 2001…
The […]
Posted in Security, Public Policy, Usable, Analysis, Economics, Engineering, Crypto, DRM | 1 Comment »
Thursday, December 14th, 2006
Ok, so if yer hip to cryptography at least some, then you know that to do truly strong crypto, one needs a source of very random numbers. This is not all that easy, it turns out. If you’re unaware of this little subtle-but-way-important detail, check out Ross Anderson’s book Security Engineering and Bruce Schneier’s Applied […]
Posted in Security, Engineering, Crypto | No Comments »
Wednesday, November 1st, 2006
So Pat Patterson has pulled a nice rabbit outta his hat and concocted a SAMLv2 Relying Party Implementation in PHP! I’m going to have to play with this one…
Switching on the Lightbulb
Q&A on the OpenSSO SAML 2.0 PHP work
Posted in Identity, Security, SAML, Engineering | No Comments »
Friday, August 25th, 2006
Ross Anderson’s excellent book, Security Engineering, is now online and free, as in beer.
Highly recommended reading.
Posted in Security | No Comments »
Tuesday, August 1st, 2006
Ross Anderson, a founder of the field of Security Economics, who previously maintained an old-school homepage as his “blog” (similar to what I also used to do, though he did/does a way better job), is now blogging on his U of Cambridge Security Research group’s blog..
Light Blue Touchpaper
It, and Ross’ other web pages and publications […]
Posted in Security, Players, Economics, Engineering | No Comments »