Category Archives: identity

BrowserID and me

A few weeks ago, I became Tech Lead on Identity and User Data at Mozilla. This is an awesome and challenging responsibility, and I’ve been busy. When I took on this new responsibility, BrowserID was already well under way, so … Continue reading

Posted in identity, personal, web | Leave a comment

and the laws of physics changed

Google just introduced Google Plus, their take on social networking. Unsurprisingly, Arvind has one of the first great reviews of its most important feature, Circles. Google Circles effectively let you map all the complexities of real-world privacy into your online … Continue reading

Posted in identity, privacy, web | 6 Comments

The evolution of OpenID: you’re not a URL after all

The US government has just announced a pilot program to integrate OpenID (and Information Cards) into public government web sites. This is very interesting news, as it will likely catalyze even greater OpenID deployment and use. [I’ve poo-poo’ed OpenID here … Continue reading

Posted in identity, privacy, security | 2 Comments

Don’t Hash Secrets

Building secure systems is difficult. It would be nice if we had a bunch of well-designed crypto building blocks that we could assemble in all sorts of ways and be certain that they would, no matter what, yield a secure … Continue reading

Posted in crypto, identity, personal, security, web | 24 Comments

Open(Social) Will Win ; and now Privacy?

If you’re hooked into the social networking world, you know about Facebook and the Facebook platform, which lets developers create all sorts of applications that make use of your Facebook social network in interesting ways. Flixster, for example, lets you … Continue reading

Posted in identity, privacy, web | 4 Comments

The Password Anti-Pattern and the Login Redirection Anti-Pattern

A few weeks ago, I wrote about about how web sites that manage your data should be more open in order to better protect you. Not so surprisingly, I’m not the only one thinking about this issue. Jeremy Keith has … Continue reading

Posted in identity, security, web | 4 Comments

Facebook Platform: bad login practices, OpenID doesn’t work

Facebook launched a platform that lets third-party developers add Facebook applications. This is visionary, and it’s very very cool (though I’m not sure it’s the revolution everyone is talking about.) The problem, of course, is authentication. Take a look at … Continue reading

Posted in crypto, identity, web | 5 Comments

BeamAuth: Two-Factor Web Authentication with a Bookmark.

(There’s always a dilemma between “publishing soon” and “polishing for peer review.” This is my first attempt at blog-based collaborative peer-review. Let’s see how it goes!) The Problem Phishing is a serious issue, and it’s only getting worse. Through various … Continue reading

Posted in crypto, identity, web | 26 Comments

2007: Controlled End-User Web APIs for Private-Data Mashups

As far as technology goes, 2007 will be about web security. With everyone storing more and more personal data on various web sites, and with the continuing innovation of mash-ups, it’s inevitable. And it won’t be the web security issues … Continue reading

Posted in crypto, identity, web | 2 Comments

So, I lied….

It turns out, I’m giving another presentation before my defense… well, sort of, I’m on a panel at the Harvard Berkman Center’s Identity Mashup Conference in 10 days. Lots of very interesting folks getting together to discuss online identity. It … Continue reading

Posted in crypto, identity, policy | Leave a comment