Why I Still Get Paper Bills

I think it might be Ben Franklin who said “A paper bill is the worst way to get your account statement, except for all the other ways.” Or maybe not.  Whatever.  I still get a lot of bills on paper delivered through the (physical) mail, and here is why.

Registering Again … (Sigh)

The bane of social networking sites is the need to register one more username, one more password, and once more to fill in some sharable details.  That is sooooo 2008.  I am registering with a conference so I can select interesting presentations, and am reminded once again how much I hate registering for sites.

Social Business: Identity and Reputation

Social Software is turning the idea of identity on its head.  Actually this is a trend that has been happening for a long time, but it is being thrust into the public consciousness by the desire now to bring social systems into the enterprise: ESS.  It used to be that on the Internet nobody knows you are a dog, but that is changing.  What they do know is your reputation, which becomes your identity.

Web Security vs. Superstition, Part 4

Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles.  Part 4 is about some strange behavior I have seen in security groups and other insanity.

Web Security vs. Superstition, Part 3

Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles.  Part 3 is about an experience I had with a public forum, and their justification for deviating from these guidelines.

Web Security vs. Superstition, Part 2

Web site security is a very important issue to me. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles.  Part 2 is in response to my meeting with such a “security expert”.

Web Security vs. Superstition, Part 1

Web site security is a very important issue to me. Every application, every information resource, must be built strong enough to put on the Internet, to reliably deliver information to those allowed access, and prevent delivery to those who are not.  I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles.  Part 1 lays down the requirements for a secure web application.  Today’s post is prompted by my meeting with such a security expert.

Identity Update: Browsers with OpenID?

For about a year I have been pushing OpenID and OAuth as key components of a large-scale “Social Process” system (see posts here, here, and here). In the past year I have tested these ideas with a project called “Process Leaves”, which is essentially a wiki that supports a couple of non-profit organizations I volunteer with. In order to access the protected content, you must log in with an OpenID. Yet there is still a problem.

REST assured, OAuth security

I have been investigating REST-oriented workflow in a secure environment for the past couple of months. I covered OpenID a few months ago, which is perfect for allowing a kind of single sign-on (SSO) in a Web 2.0 environment without giving any service your password. Signing on to services is important, but how do you get a service to talk to another service, without giving one of them your password?