Category: identity

  • getting web sites to adopt a new identity system

    My team at Mozilla works on Persona, an easy and secure web login solution. Persona delivers to web sites and apps just the right information for a meaningful login: an email address of the user’s choice. Persona is one of Mozilla’s first forays “up the stack” into web services. Typically, at Mozilla, we improve the…

  • Identity Systems: white labeling is a no-go

    There’s a new blog post with some criticism of Mozilla Persona, the easy and secure web login solution that my team works on. The great thing about working in the open at Mozilla is that we get this kind of criticism openly, and we respond to it openly, too. The author’s central complaint is that…

  • Firefox is the unlocked browser

    Anil Dash is a man after my own heart in his latest post, The Case for User Agent Extremism. Please go read this awesome post: One of my favorite aspects of the infrastructure of the web is that the way we refer to web browsers in a technical context: User Agents. Divorced from its geeky…

  • the Web is the Platform, and the User is the User

    Mid-2007, I wrote two blog posts — get over it, the web is the platform and the web is the platform [part 2] that turned out to be quite right on one front, and so incredibly wrong on another. Let’s start with where I was right: Apps will be written using HTML and JavaScript. […]…

  • connect on your terms

    I want to talk about what we, the Identity Team at Mozilla, are working on. Mozilla makes Firefox, the 2nd most popular browser in the world, and the only major browser built by a non-profit. Mozilla’s mission is to build a better Web that answers to no one but you, the user. It’s hard to…

  • BrowserID and me

    A few weeks ago, I became Tech Lead on Identity and User Data at Mozilla. This is an awesome and challenging responsibility, and I’ve been busy. When I took on this new responsibility, BrowserID was already well under way, so we were able to launch it in my second week on the project (early July).…

  • and the laws of physics changed

    Google just introduced Google Plus, their take on social networking. Unsurprisingly, Arvind has one of the first great reviews of its most important feature, Circles. Google Circles effectively let you map all the complexities of real-world privacy into your online identity, and that’s simply awesome. You can think of Circles as the actual circles of…

  • The evolution of OpenID: you’re not a URL after all

    The US government has just announced a pilot program to integrate OpenID (and Information Cards) into public government web sites. This is very interesting news, as it will likely catalyze even greater OpenID deployment and use. [I’ve poo-poo’ed OpenID here and here, because of phishing and privacy concerns. I’m still very worried. I’ve suggested ways…

  • Don’t Hash Secrets

    Building secure systems is difficult. It would be nice if we had a bunch of well-designed crypto building blocks that we could assemble in all sorts of ways and be certain that they would, no matter what, yield a secure system overall. There are, in fact, folks working on such things at a theoretical level…

  • Open(Social) Will Win ; and now Privacy?

    If you’re hooked into the social networking world, you know about Facebook and the Facebook platform, which lets developers create all sorts of applications that make use of your Facebook social network in interesting ways. Flixster, for example, lets you share and compare your movie tastes with your existing Facebook friends. No need to reconnect…

  • The Password Anti-Pattern and the Login Redirection Anti-Pattern

    A few weeks ago, I wrote about how web sites that manage your data should be more open in order to better protect you. Not so surprisingly, I’m not the only one thinking about this issue. Jeremy Keith has a fantastic detailed write-up regarding what he calls the “password anti-pattern.” It gets at the…

  • Facebook Platform: bad login practices, OpenID doesn’t work

    Facebook launched a platform that lets third-party developers add Facebook applications. This is visionary, and it’s very very cool (though I’m not sure it’s the revolution everyone is talking about.) The problem, of course, is authentication. Take a look at the Zoho Facebook application. Zoho is a separate company. They have their own accounts. So…

  • BeamAuth: Two-Factor Web Authentication with a Bookmark.

    (There’s always a dilemma between “publishing soon” and “polishing for peer review.” This is my first attempt at blog-based collaborative peer-review. Let’s see how it goes!) The Problem Phishing is a serious issue, and it’s only getting worse. Through various means, Alice ends up at a spoofed web site she thinks she recognizes (usually her…

  • 2007: Controlled End-User Web APIs for Private-Data Mashups

    As far as technology goes, 2007 will be about web security. With everyone storing more and more personal data on various web sites, and with the continuing innovation of mash-ups, it’s inevitable. And it won’t be the web security issues of the last few years, either, it will all be about how to do private-data…

  • So, I lied….

    It turns out, I’m giving another presentation before my defense… well, sort of, I’m on a panel at the Harvard Berkman Center’s Identity Mashup Conference in 10 days. Lots of very interesting folks getting together to discuss online identity. It should be quite interesting.

  • The Clooney Attack

    George Clooney is upset at the Gawker Stalker web site for tracking celebrities by collecting information from the public. Clooney suggests Data Poisoning their site by submitting hundreds of bogus celebrity sighting reports. I’m a big fan of Clooney’s latest films, but I didn’t realize he was this savvy about the Internet: its greatest strength…

  • My First Podcast – on Digital Identity

    A few weeks ago, I attended Berkman’s Digital Identity gathering where we discussed the technical, legal, and business aspects of the Identity Metasystem, this new, meta approach to online identity promoted by Kim Cameron of Microsoft. I need to write up my thoughts in greater detail, but in the meantime, Aldo Castaneda interviewed me and…