Registering Again … (Sigh)

The bane of social networking sites is the need to register one more username, one more password, and once more to fill in some sharable details. That is sooooo 2008. I am registering with a conference so I can select interesting presentations, and am reminded once again how much I hate registering for sites.

Web Security vs. Superstition, Part 4

Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles. Part 4 is about some strange behavior I have seen in security groups and other insanity.

Web Security vs. Superstition, Part 3

Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles. Part 3 is about an experience I had with a public forum, and their justification for deviating from these guidelines.

Web Security vs. Superstition, Part 2

Web site security is a very important issue to me. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles. Part 2 is in response to my meeting with such a “security expert”.

Web Security vs. Superstition, Part 1

Web site security is a very important issue to me. Every application, every information resource, must be built strong enough to put on the Internet, to reliably deliver information to those allowed access, and prevent delivery to those who are not. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles. Part 1 lays down the requirements for a secure web application. Today’s post is prompted by my meeting with such a security expert.

Identity Update: Browsers with OpenID?

For about a year I have been pushing OpenID and OAuth as a key component to a large scale “Social Process” system (see posts here, here, and here). In the past year I have tested these ideas with a project called “Process Leaves”, which is essentially a wiki which supports a couple of non-profit organizations I volunteer with. In order to access the protected content, you must log in with an OpenID. Yet there is still a problem.

REST assured, OAuth security

I have been investigating REST-oriented workflow in a secure environment for the past couple of months. I covered OpenID a few months ago, which is perfect for allowing for a kind of single sign-on (SSO) in a web 2.0 environment without giving any service your password. Signing on to services is important, but how do you get a service to talk to another service, without giving one of them your password?

Web 2.1: How OpenID will rescue Web 2.0

I am a self-acknowledged “Site Registration Hater” (SRH). I hate registering at web sites. The whole concept behind Web 2.0 is collaboration: the content comes from individual contributors and we build the web together. But every single place where you want to make a contribution, you have to register as a “user” of that site.