Friday, July 18, 2008

Deutsche Telekom wins IDDY 2008 Award

Just copying from the Liberty Alliance press release...

Deutsche Telekom AG - Deutsche Telekom AG has received a Multi-Protocol IDDY Award for its identity application designed to lower implementation barriers when it comes to the delivery of Online/IP-based services to consumers. Initially launched in 2002 and winner of the 2006 IDDY Award, the application has been steadily enhanced to offer multi-protocol capabilities for service provider interfaces as well as for authentication methods and automatic user identification. The application serves the requirements of the mass market for Online/IP-based consumer applications by providing fundamental functionalities such as Single Login, Automatic identification, Single Sign On and Single Logout.

* Highlights – With Deutsche Telekom AG serving as an identity provider, the application is a key business enabler for offering Online/IP-based services to Deutsche Telekom AG customers. The application ensures easy implementation of consumer services and shortens the time-to-market for new service offerings. It allows quick and cost-efficient link-up with partners using the identity standard protocol that fits best and reduces the complexity of the IT-architecture. The application provides consumers with a unique and consistent user-interface that is easy-to-use, transparent and secure.

* Technologies – With the goal of tying a wide variety of Online/IP-based consumer services together by means of a common identity management user experience and to provide scenario-focused login methods, the application currently supports SOAP/XML, Secure Token Service, ID-FF 1.2, SAML 2.0, HTTP Basic and HTTP Digest, as well as different authentication methods. The underlying architectural guidelines make it possible to integrate further IDM protocols with the latest enhancements moving to provide preliminary support for OpenID 1.1, OpenID 2.0 and Microsoft CardSpace.

Tuesday, July 08, 2008

Relyingparty Best Practices

Some days ago I went to a kiosk to buy some ice cream for me and my family. I ordered four cones with one scoop of chocolate ice cream each. When I received the first cone I found a huge pile of chocolate ice cream on the cone. I reminded the seller that I had ordered only one scoop and got the answer that this mountain of at least five scoops was _one_ scoop. Hm.

The relying party now has a problem. Its subsystems (kids) already saw the offered claims so there is now no way to plainly reject the token. On the other hand the RP knows that the subsystems (4 5/12 and 5 11/12 years old) can not handle this token without maintainance afterwards. The RP rejects the tokens and asks the issuer to resend them in another format (cup and spoon) without changing the claim's value.

I don't want to stretch this too much but I think that it is not easy to write a best practices paper that is valuable for all RPs. I would have rejected this token because no part of the RP wants to handle strawberry claims.Strawberry Ice Picture from Wikipedia

Carnards Die Hard


A while ago two students, Xuan Chen and Christoph Löhr, from Ruhr University Bochum claimed to have "broken" CardSpace. There were some blog reactions to this claim. The authoritative one of course is from Kim.

Today I browsed through a magazine lying on the desk of a colleague of mine. This magazine with the promising title "IT-Security" repeats the false claim and reports that the students proved that CardSpace has severe security flaws... Well, when you switch off all security mechanism then, yes, there are security flaws (The security researcher in front of the computer).

What can I say?! The existence of this magazine was new to me, but sure they have some readers. The IT-Verlag charges 20€ for this pile of rubbish (Sorry) not very well researched article (page 42).

Interestingly Microsoft is having an ad (the whole second page) in this gazette…

There is still a lot of work for the Information Card Foundation to do.
One of my tasks (privately and not as a member of the ICF) today is to question my colleague about the value of his magazine subscrition...

Monday, July 07, 2008

Gort! Klaatu barada nikto

Because this blog is named ignisvulpis I think that it is allowed to write about a Firefox 3 "feature"... If you type "about:robots" in the address bar then a special page is shown. The title of this page is the quote "Gort! Klaatu barada nikto" from the movie "The day the earth stood still" which I liked as a kid and that is shown in German television really seldom. Anyway the number of google hits when you search for this quote is astonishing. So is the number of related films on YouTube. Here is the "famous" quote:

Here is the trailer of the movie
.
Some of the films remind me on the picture linked-to here:

Tuesday, July 01, 2008

CardSpace for Firefox new version

I just uploaded a new version 1.0.12 of the Firefox extension that enables CardSpace for Firefox.
This now works for the release version of Firefox 3. Although I know at least one site the drives the javascript kungfu to new heights and that does not work with this version... :-(( Fixed this!

Have fun; and happy testing. Please report issues!