Today’s post is about SSOFI (Single Sign-On Federated Identity), an open source project that offloads some of the more challenging issues from the application. Log in once, and then use any number of applications. The server is fast, lightweight, and easy to deploy.
Category Archives: OpenID
Registering Again … (Sigh)
The bane of social networking sites is the need to register one more username, one more password, and once more to fill in some sharable details. That is sooooo 2008. I am registering with a conference so I can select interesting presentations, and am reminded once again how much I hate registering for sites.
SSO Much Fun: Identity Update
OpenID is slowly, slowly gaining adoption. Here is a list of resources relevant to cloud identity, authentication, and authorization.
Web Security vs. Superstition, Part 4
Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles. Part 4 is about some strange behavior I have seen in security groups and other insanity.
Web Security vs. Superstition, Part 3
Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles. Part 3 is about an experience I had with a public forum, and their justification for deviating from these guidelines.
Web Security vs. Superstition, Part 2
Web site security is a very important issue to me. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles. Part 2 is in response to my meeting with such a “security expert”.
Web Security vs. Superstition, Part 1
Web site security is a very important issue to me. Every application, every information resource, must be built strong enough to put on the Internet, to reliably deliver information to those allowed access, and prevent delivery to those who are not. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles. Part 1 lays down the requirements for a secure web application. Today’s post is prompted by my meeting with such a security expert.
Identity Update: Browsers with OpenID?
For about a year I have been pushing OpenID and OAuth as a key component to a large scale “Social Process” system (see posts here, here, and here). In the past year I have tested these ideas with a project called “Process Leaves”, which is essentially a wiki that supports a couple of non-profit organizations I volunteer with. In order to access the protected content, you must log in with an OpenID. Yet there is still a problem.
REST assured, OAuth security
I have been investigating REST-oriented workflow in a secure environment for the past couple of months. I covered OpenID a few months ago, which is perfect for allowing for a kind of single sign-on (SSO) in a web 2.0 environment without giving any service your password. Signing on to services is important, but how do you get a service to talk to another service, without giving one of them your password?
Web 2.1: How OpenID will rescue Web 2.0
I am a self-acknowledged “Site Registration Hater” (SRH). I hate registering at web sites. The whole concept behind Web 2.0 is collaboration: the content comes from individual contributors and we build the web together. But every single place where you want to make a contribution, you have to register as a “user” of that site.