Tuesday, March 31, 2009

please think of the kittens

While searching what others write about Information Cards I found this older presentation and want to share especially one slide with you:
If you made OpenID phishing resistant then you have Microsoft CardSpace Geneva?! We need a secure (enough) UI for login and attribute sharing through OpenID, Information Cards and even username/password. I think that cards are a metaphore that users understand and what happens underneath the UI should not really concern the user. I don't want to remember an OpenID or a password, I want to choose a card and what happens under the hood... who cares?! Well, the server vendors care but not the user.
Please join the discussion at the Information Card Foundation!

Mozilla Add-On Workshop Berlin 2009

Last Saturday I attended the Mozilla Add-On Workshop in Berlin. It happened in the c-base which is a really cool location for this kind of events. Although the rooms are connected like pearls on a string which led to some traffic even during the sessions. Anyway it was a good event and I will go there again when it comes to Berlin again.
Things that impressed me:

  • The new video capabilities of Firefox 3.1 are astonishing. You can implement real-time image processing inside the browser to have blue-screen effects or to track people moving in front of the camera or <what-ever-you-can-think-of-on-doing-to-a-bitmap>.
  • DOM worker threads bring concurrency to javascript. This can be helpfull if you have a lengthy job to do but I fear that this can have astonishing effects.
  • The Mozilla Lab's project weave has a new version. Try it. I think it should be easy to extend sharing bookmarks, open tabs, extension from machine to machine to Information Cards and Information Card stores too.

Things that need more work:
  • Mozilla's build system. This is a monster.
    • I tried to build Firefox with Windows SDK 2008 and the .NET 3.5 framework -> no fun
  • crypto support in Mozilla is poor. I need xmldsig, xmlsec and some "basic" digest and crypto (RSA-OAEP-MGF1P) in extensions.
  • Java access from javascript extensions seem to go down the drain unless mozilla and sun do something.

Wednesday, March 18, 2009

RSA 2009 US Personal Schedule for Axel Nennker

RSA 2009 US Personal Schedule for: Axel Nennker
Purple 301
Harnessing the Power of Digital Identity: 2009 and the Promising Road Ahead
Hall D
A Common Call: Architecting a New Information Security Landscape
Hall D
The New Security Agenda: Changing the Game
Hall D
Moving Towards 'End to End Trust': A Collaborative Effort
Hall D
The Cryptographers' Panel
Briefing Center
Mobile 2.0 Trends and Threats
Briefing Center
The Next Generation of Security - Cyber Security

Purple 301
Fostering Collaboration and Opportunities in Identity Management
Purple 309
Using Claims to Simplify and Secure User Access to Applications and Services
Purple 301
Information Cards What User-Centric Computing Can Do for Your Enterprise
Purple 301
Building Authorization Into The Enterprise Identity Metasystem
Hall D
Collaborate with Confidence
Briefing Center
A Pragmatic Approach to Building Identity Management for the Enterprise
Purple 305
Professionalizing the Security of Software Development
Orange 135A
Identity and Privacy Models

Orange 135B
Claims-Based Identity - What is the Business Case?
Purple 306
Mobile Operator's Perspective on Security
Orange 135B
Raising the Bar on Authentication
Hall D
The Transformation of Identity and Access Management
11:00-16:30 Information Card Foundation Directors Meeting

Tuesday, March 10, 2009

Car Re-Registration with Information Cards and German eID by Fraunhofer Fokus

Fraunhofer Fokus demoed a cool scenario where a user re-registers his car using the new German eId and Microsoft CarsSpaceCardspace. What I exspecially liked that the slides show Firefox and the openinfocard selector installed.

The following is the text from the slide:
Re-registration of a car can prove a real headache. But the Fraunhofer Institute for Open Communication Systems FOKUS in Berlin has joined forces with the Bundesdruckerei to develop the prototype of an electronic automobile re-registration procedure that can be conveniently operated using the home computer.
To use this simple procedure, however, the citizen first requires a safe means of identity in the digital world. He or she requires an electronic identity or ‘e-identity’ which needs to be created, administered and decommissioned.
Across its life cycle the digital identity can be used for a wide variety of different transactions and activities – but always with the aim of proving the identity of the real individual in the virtual world. Users must be able to navigate in the digital world; they must reveal certain information about themselves – but not too much and certainly not to everybody. At the same time increasingly pervasive networking means that previously separate islands of identity have now to interact and cooperate.
In the ‘Re-registration of an Vehicle’ scenario the car owner can use an electronic ID card as a means of identification of the type that will come into use in Germany in 2010. Using this card she logs onto a user-centric service – the scenario uses Windows’ CardSpace – which issues her with a ‘digital card’ or Information Card which she can use via an identity provider to safely authenticate herself on an vehicle portal. Using an electronic vehicle registration certificate – which could also become widely available in future – the car registration office can then read off the key data about the car via the internet and store the data that has been changed.
The citizen then transfers the revised data to a future digital license tag.

Please contact Jens Fromm from Fraunhofer Fokus for more information.