The Mozilla Foundation is inviting all email providers to adopt its BrowserID technology and begin validating their users' log-ins to Web sites that support the protocol.
John Fontana's blog traverses the evolving digital identity landscape and its intersection with the cloud, compliance, audit, privacy, mobile computing, API integration and security.
John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five years with identity vendor Ping Identity. He also spent 15 years as a senior editor for a variety of publications, including Communications Week, Internet Week and Network World, where he focused on enterprise topics including collaboration, directories, network infrastructure, databases, open source, ERP and security. He covered IBM, Microsoft, Cisco, Oracle, Red Hat and Google, among other enterprise vendors. His work has also appeared in the New York Times, CNN, CIO and Mashable.
Six trends will dominate the identity landscape in 2012, according to Gartner. Three are new and three are holdovers from 2011. The trends challenge not only the way IT thinks about identity and how to manage it, but also the technologies and standards available to implement it.
The effort to create a national identity infrastructure is starting to take shape as $10 million is earmarked to fund pilot programs that may well form the foundation of the National Strategy for Trusted Identities in Cyberspace (NSTIC).
The Electronic Privacy Information Center has filed a Freedom of Information request to see Google's mandated privacy report to the Federal Trade Commission, which is part of an April settlement with the agency.
Facebook has drawn attention from the IETF with a new proprietary extension it developed for an emerging authentication protocol. The extension alters the way user permissions are set for long-life access tokens.
The digital age is launching an assault on privacy as we've known it. As social sites collect more and more data, how will attitudes toward privacy change? And what can be done from a self-regulation, legal and end-user standpoint to put more control back into the hands of consumers?
The Mozilla Foundation is finally testing its BrowserID authentication system, but a missing part of the architecture used to validate a user's credentials is a big gap the Foundation must address.
A federal case that may have helped define constitutional law in the digital age turns not on the defendant's rights in regard to her encryption password, but on the fact that evidence clearly showed she owned a laptop in question and had access to its contents.
OAuth 2.0, a key framework for securing native mobile applications and APIs, Monday moved a step from being declared an official Internet Engineering Task Force standard. The authentication/authorization framework, which aids in cloud security, lays out an identity access token exchange in lieu of username and password.
Zappos Thursday said it was using a SHA-2 cryptographic hash but would not disclose any details about its "cryptographically scrambled" password format in the wake of a breach that forced the company to reset 24 million passwords.
DARPA is working on a plan to create innovative biometric measurements, such as keystrokes and mouse tracking, as a means of authenticating users to Department of Defense (DOD) IT systems. The full system would eventually replace passwords and government Common Access Cards.
Zappos.com resets 24+ million user passwords after hackers attack its servers. The incident reveals once again the frailty of passwords, especially when used across sites, and that the long-term value to hackers of other personal information stored online is higher than credit card numbers.
The Electronic Privacy Information Center has sent a letter to the Federal Trade Commission asking it to investigate Google's integration of Google+ and Google Search. EPIC cites the FTC's ongoing antitrust investigation of Google and Google's April 2011 settlement with the FTC over deceptive privacy practices.
The government has committed multi-millions to helping the private sector build an identity layer for the Internet. But one analyst says either the Stop Online Piracy Act (SOPA) or the Protect IP Act (PIPA) could result in one government action rendering another moot and bungling the promise of secure IDs.