April 19th, 2006

So my colleague Paul Madsen (ha ha — no, that’s not him, altho he *is* a “Dr.” — this is him) has published a humorous blog posting about “Alice and Bob” w.r.t. how they are employed in examples in various (Liberty) specifications.

In fact, Alice and Bob have had a long relationship in the security/crypto world, going back into the 1970’s it appears, and they have become part of “the tradition” therein.

Here’s an (old) overview of their doings, tying their escapades back into fundamental facets of computer security, cryptography, and information science…

The Story of Alice and Bob


April 19th, 2006

The SAMLv1 effort began in earnest in Jan-2001. The Liberty Alliance was kicked off by Sun Microsystems in late Summer 2001 and got rolling by Dec-2001. Official, “OASIS Standard” SAMLv1 specs were published in Nov-2002, and the initial Liberty ID-FFv1 (Identity Federation Framework) specs were published in summer 2001 (based on SAMLv1 drafts), with v1.1 in Jan 2003 (based on OASIS-Standard SAMLv1.0). Subsequently, ID-FFv1.x and SAMLv1.x were formally converged to become SAMLv2.0 — which was issued as an OASIS-Standard spec in March 2005.

It’s now April 2006. The above specs are implemented in various commercial and open-source products (e.g. SAMLv2.0 conformance-tested products). What’s up with deployment? Various people have claimed that “those specs are too complicated and aren’t user-centric, and there isn’t any wide deployment of them” (to sort of paraphrase, but nearly quote).

Well, the Liberty Alliance has done some navel-gazing about this, beginning in earnest last year, and we’ve now published both a “Market Adoption” page (to be periodically updated), and have launched a quarterly “Executive Newsletter” — this first issue of which focuses on adoption.

It looks like deployments are occurring and momentum is building (the term “billions” is used), and we’re proving the above quote wrong. Check it out.


April 6th, 2006

This slide deck, from the recent Black Hat Europe 2006 conference..

..provides an intriguing look inside the Skype executable, revealing the fairly great lengths its creators went to in attempting to obfuscate its code and workings. Also dissected are the ciphering techniques applied to Skype PDUs (protocol data units, aka packets). The deck illustrates creatively effective use of various debugging/disassembling tools. Icing on the proverbial cake are their some-assembly-required instructions for how to patch skype.exe for use in creating your own closed, private P2P network :)

This work adds to the body of openly disseminated information about this very closed P2P network and program. For reference, here are two earlier analyses..


March 11th, 2006

My colleague and friend, Susan Landau, works (in one of her multi-facets) at the intersection of privacy, security, and public policy. I find it a good idea to keep up on what she’s writing in these areas. She doesn’t (yet?) have a blog per se, but watching the publications section of her homepage works pretty well — hence there being a link to her page in my sidebar here. She has a couple of recent articles on the multi-faceted topic of the Internet/VoIP and wiretapping/CALEA that are interesting and provocative…


March 11th, 2006

I recently co-authored a major rewrite of the so-called “SIP SAML” I-D, crafting it into an actual SAMLv2 profile and binding, now (rather plainly) entitled “SIP SAML Profile and Binding”. Here’s the publication announcement: I-D ACTION:draft-tschofenig-sip-saml-05.txt.

Here is the abstract:

This document specifies a Session Initiation Protocol (SIP) profile of Security Assertion Markup Language (SAML) as well as a SAML SIP binding. The defined SIP SAML Profile composes with the mechanisms defined in the SIP Identity specification and satisfies requirements presented in “Trait-based Authorization Requirements for the Session Initiation Protocol (SIP)”.


March 11th, 2006

The “SIP Identity” Internet-Draft, whose lead author is my colleague Jon Peterson, was recently blessed by the IESG and is to be issued as a “Proposed Standard” RFC. Here’s the announcement: Protocol Action: ‘Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)’ to Proposed Standard.


March 11th, 2006

My colleague John Kemp has blogged a quick, accurate (although partial) tutorial on the Liberty Authentication Service, of which I was the original designer (see my bibliography). I hope he gets the time to post part 2 of his write-up!


January 13th, 2006

This is a cliche place-holder post whilst I get this here wordpress gizmoid software figgered out. I was going to delete it (this post, not wordpress), but the good ol’ “Hello World” schtick is a time-honored one in the geek world, so I’ll leave it be. ;)
