Category: Identity
-
/
Video: VUC 528 Provides An Update On Matrix.org And Wire
Continue Reading: Video: VUC 528 Provides An Update On Matrix.org And WireLast Friday’s VUC conference call / podcast / hangout provided some interesting updates about the ongoing work at Matrix.org to build services for scalable, distributed and federated collaboration systems as well as some discussion of Wire, the app I’ve written about here. Guests included Matthew Hodgson and Amandine Le Pape from Matrix.org, as well as the usual cast of characters and a couple of live demonstrations, too.
You can view the episode web page and listen to the show here:
I joined the show about mid-way through and naturally wound up talking about IPv6, the Internet of Things (IoT), ICANN, DNS and other topics.
FYI, some good info about Matrix.org can be found in their FAQ. Back in November 2014, there was also another VUC episode focused around Matrix.org.
It was an enjoyable show and I’d encourage you to give it a listen.
If you found this post interesting or useful, please consider either:
-
/
Can We Create A “Secure Caller ID” For VoIP? (Join Tomorrow’s STIR BOF To Learn More)
Continue Reading: Can We Create A “Secure Caller ID” For VoIP? (Join Tomorrow’s STIR BOF To Learn More)Can we create a “secure Caller ID” for IP-based communications, a.k.a. voice-over-IP (VoIP)? And specifically for VoIP based on the Session Initiation Protocol (SIP)? Can we create a way to securely identify the origin of a call that can be used to combat robocalling, phishing and telephony denial-of-service (TDOS) attacks?
That is the challenge to be undertaken by the “Secure Telephone Identity Revisited (STIR)” group meeting tomorrow morning, July 30, 2013, at 9:00 am in Berlin, Germany, as part of the 87th meeting of the Internet Engineering Task Force (IETF). The meeting tomorrow is a “Birds Of a Feather (BOF)”, which in IETF language is a meeting to determine whether there is sufficient interest to create a formal “working group” to take on a new body of work within the IETF. The proposed “charter” for this new work begins:
Over the last decade, a growing set of problems have resulted from the lack of security mechanisms for attesting the origins of real-time communications. As with email, the claimed source identity of a SIP request is not verified, and this permits unauthorized use of source identities as part of deceptive and coercive activities, such as robocalling (bulk unsolicited commercial communications),…
-
/
Cutting the landline cord – and losing family identity….
Continue Reading: Cutting the landline cord – and losing family identity….We are in the midst of a truly fascinating cultural shift right now:We are losing the “family identity” that has been the main characteristic of telephony for the past 100 years.
Think about it… the other day we were at an evening event and met a great couple with whom we would like to stay in touch. We exchanged contact info and they, like so many people these days, have “cut the cord” and do not have a traditional landline but instead have individual mobile phones. The result is this:
I can’t call the “Smiths” and speak to someone.
Instead I can call “John Smith” or “Jane Smith”.
If I have a message I want to get to the family I have no simple way to do that. I can no longer call “the family phone” and leave a message on their answering machine inviting them over to dinner.
Instead I need to call one of the individual phones – and perhaps both to be sure the message gets through, given that cell phones can be lost or need recharging or that sometimes voicemail messages simply don’t get through.
And if a young child wants to call a young…
-
/
Want to learn about OpenID? Try the “OpenID Explained” site…
Continue Reading: Want to learn about OpenID? Try the “OpenID Explained” site…Would you like to learn more about OpenID and how it can help with your online identity? Last night in the midst of a intense discussion about OpenID in a Skype chat room, I discovered this site- OpenID Explained:
It’s a well-done site that clearly and simply lays out the problem OpenID is trying to solve, discusses how you can get an OpenID (and has a great discussion about what to look for in an OpenID provider and things to think about in choosing one), and shows you typically go through the OpenID login process.
It’s not a new site.. it seems to have been around for a while… it’s just one I hadn’t come across in my various writing about OpenID and identity issues (scroll down a bit to get to the OpenID posts).
I particularly liked this graphic, as it so nicely captures the intent of using OpenID to reduce the number of user account info you have to remember (click on the image to go to the page with the full-size version):
The site does need a couple of very minor updates… for instance, the link on the text “over 27,000 OpenID-enabled sites” takes you…
-
/
Is the new “.tel” domain more than just a pretty face on top of DNS?
Continue Reading: Is the new “.tel” domain more than just a pretty face on top of DNS?Is the new “.tel” domain launching today more than just a pretty web interface to DNS? Is it something really unique? Is it a new service that couldn’t be easily replicated elsewhere?In case you haven’t been following the subject, a company called Telnic has launched a new top-level DNS domain “.tel” today. Today, December 3rd, is the launch of the “Sunrise” period where companies can (for a high price) obtain the “.tel” domain associated with their trademark.
The point of “.tel”, though, is to not just be “yet-another-top-level-domain” but rather to be a global directory of information – with users/companies having control of their own information.
With the first part of the launch happening today there has been predictably been a good bit of coverage in the blogosphere. Danielle Belopotosky had a great piece up on the NY Times Bits blog, Techmeme has a flow of links to stories and I am sure more will be appearing.
I would, though, suggest people wanting to understand the goals of the service go back and listen to our Squawk Box conversation on September 9th with Telnic’s Justin Hayward (www.justin.tel). The part about .tel starts at about the 17:50 minute…
-
/
Is OpenID really secure? Can you trust it? A Security Round Table podcast explores the issue… and provides a ton of links
Continue Reading: Is OpenID really secure? Can you trust it? A Security Round Table podcast explores the issue… and provides a ton of linksWhat is OpenID? What are the security issues around it? Should you trust using it? What do you have to be worried about? What are the main security threats to it?
While I’ve written about OpenID here, I really wanted to understand more about the security issues around OpenID, so I got together with two other members of the Security Round Table, Michael Santarcangelo and Martin McKeay, to explore the issues around OpenID and security to a far greater degree.
We have shared the resulting conversation as a SRT podcast, and have also published as the show notes the large body of links that we accumulated during our preparation for the show. I’d encourage you to check out the SRT site purely for the links alone, as I think we pulled together one of the more comprehensive lists of links I’ve seen related to OpenID.
In the end, the three of us came aware quite impressed with the possibilities of OpenID with regard to the specific piece of the identity puzzle that it is aiming to solve. We hope this podcast helps people understand both the potential benefits as well as a few potential challenges with regard to security and OpenID. Comments…
-
/
Dean Elwood: "Why SIP Doesn’t Need OpenID"
Continue Reading: Dean Elwood: "Why SIP Doesn’t Need OpenID"Dean Elwood over at VoIPuser.org has taken up the question about Open ID with his post “Why SIP Doesn’t Need OpenID“. Dean suggests that the problem really lies between servers:
The problem of identity authentication actually resides in the server to server realm in a peered environment. How does sip.fwd.com know for sure that a peered call request is really coming from sip.voipuser.org?
Good question… and one that Dean believes can be solved through the use of the already-standardized Open Settlement Protocol (OSP).
The conversation continues…
Technorati tags: identity, openid, SIP, VoIP, OSP -
/
Using your own website/URL for OpenID to keep control of your identity
Continue Reading: Using your own website/URL for OpenID to keep control of your identityAs I continue to explore OpenID, one of my immediate concerns was… how do I choose an identity provider? And if I do use an identity provider, what happens if they stop providing OpenID services? Or what if they are bought by someone and I don’t like the new owner?
Essentially – how do I create an “abstraction layer” that allows me to maintain control of my identity and not be beholden to the whims or policies (or circumstances) of a provider?
The answer is amazingly easy… just use your own domain name! As explained by Simon Willison, the process merely involves inserting two lines of code into the header of the HTML page at the URL you want to use. So, for instance, I updated the page for www.danyork.com (which actually gets pointed to a page in a larger website) to have these two added lines:
<link rel=”openid.server” href=”http://www.livejournal.com/openid/server.bml”>
<link rel=”openid.delegate” href=”http://dyork.livejournal.com/”>That’s it. Now on any website that allows OpenID logins, I simply use the OpenID of “http://www.danyork.com/” and I am briefly redirected to LiveJournal to approve the granting of access to my identity credentials. Simple and easy.
The beautiful part about this is that I can switch…
-
/
AOL & OpenID – 63 million AIM users are now OpenID-enabled! And perhaps a slight security problem…
Continue Reading: AOL & OpenID – 63 million AIM users are now OpenID-enabled! And perhaps a slight security problem…UPDATE: O’Reilly now points over to the post from AOL’s John Panzer about this with more details. It’s funny… I read that post yesterday from John, but I don’t think the enormity of it sank in until about 5am this morning when I read the post from Fred Stutzman that I reference below.
Wow! Talk about a major boost for OpenID… continuing my OpenID research, I learned from reading Fred Stutzman (also here) that all 63 million users of AOL Instant Messenger can now use their AIM account for OpenID! Now, I don’t actually use my AIM account all that much these days (my IMs of preference are Skype, Jabber and MSN/WLM)[1], but I had to try it out, so I headed over to stickis.com and logged in using my AIM screen name – as shown in the image to the right. Simple. Easy.
Okay, that’s fairly cool. My OpenID is simply:
http://openid.aol.com/dyorkottawa
Now the only peculiar thing was that I never saw this screen to grant or deny the access to the site. The only reason I have this screen capture is because I pressed the Back arrow on my browser because I wanted a screen capture of the…
-
/
Doing a "deep dive" on OpenID…
Continue Reading: Doing a "deep dive" on OpenID…I have to blame Aswath. Back in December, he posted a short piece wondering about the use of OpenID in SIP authentication. He contacted Jonathan and I in regard to Blue Box and asked for our comments. We discussed it on Blue Box #48 (at 15:50 in the show) and basically said “well, it’s interesting, but there’s no trust model so we can’t see how it would really work”. I had some further brief email exchange with Aswath, and then somewhere in there he came out with his proposal for extending OpenID use into communication systems. Again he dropped us a note, and again, even with posts like that of phoneboy, I still hadn’t gotten over my concern about trust – and we discussed it again in the soon-to-be-issued Blue Box #51, along with a comment from a listener.
But there was something there that kept nagging at the back of my brain… and then as Microsoft announced support for OpenID out at RSA… and then as AOL is talking about their plans… along with a hundred other smaller indicators… all of it has made me realize that I’ve needed to “go deeper” on what OpenID is all about and how…
