openid | General Musing

Posts Tagged ‘openid’

6 Months of Security Links #2011

I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly as there are some good sources and articles in here and as I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know.

Read the rest of this entry »

About these ads

Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging

Tagged with 2010, 4chan, 802.11, aclu, advertising, airplane, airport, algorithm, analysis, audio, audit, authentication, authority, authorization, availability, backbone, bandwidth, bias, biases, biometrics, bluetooth, botnet, browser, bruceschneier, ca, camera, certificate, certificates, china, cia, communication, computer, copyright, cpu, crime, cryptography, cybersecurity, data, database, datagathering, datamining, db, dead, death, defcon, descriptor, detection, disk, diy, drive, drm, drone, economics, embedded, encryption, erase, eu, europe, experiment, facebook, fbi, file, filter, fingerprint, fingerprinting, flying, forensics, freedom, gcc, geolocation, google, government, gprs, gsm, hack, hacking, hardware, hdd, health, hibernate, identification, identity, india, insurance, intelligence, internet, isp, java, javascript, jboss, kerberos, latency, law, learning, lifehacks, linux, livecd, mac, malware, marketing, microsoft, mobile, monitoring, music, mythology, nagog, network, networking, ntlm, oauth, openid, osx, outsourcing, paper, passwd, password, peering, penetration, pentest, performance, pki, plane, police, politics, privacy, quora, ra, recovery, refresher, reload, repair, report, risk, robotics, router, routing, scam, schneier, science, security, seo, socialmedia, socialnetworking, software, solidstate, specialbrands, ssd, ssl, sso, surveillance, system:filetype:pdf, system:media:document, technology, terror, terrorism, testing, theft, threats, tls, toblog, tor, toread, tracking, traffic, travel, tsa, uav, uk, umts, usa, video, visualization, vodafone, vulnerability, wasp, watermarking, web, webapp, webpage, windows, wireless, youtube

This year’s articles about programming #2010

leave a comment »

In 2010 I was less focussed on programming articles on the blog than previous years, still I have managed to create some interesting articles with code in 2010. This is an overview of the activity:

Sync Web with Phone #html #javascript #scratchpad

Having some fun today with QR codes, JavaScript and the Google Analytics URL …

The Structure of a Daily Scrum #agile #scrum

The only questions that are asked in the Daily Scrum, aka Stand-Up, are: What…

Features I Still Miss in Mail #mail #email

UPDATE: GMail has introduced my number 3. YEAH! (Gmail introduces Priority In…

YouTube Channel Unsubscribe #bookmarklet

I like YouTube, and often subscribe to new channels and unsubscribe after a w…

PCI is nice (or what I do) #pcidss

Since I started working for my company I’ve been exposed to PCI DSS (Pa…

Solving the URL shortening problem #twitter #tweet

I don’t understand why url expansion after url shortening is such an is…

VeriSign PIP Browser Certificate workaround (PIN Request) #identity #openid

VeriSign – Personal Identity Portal is a OpenID provider with multiple …

Image source D’Arcy Norman

Written by Daniël W. Crompton (webhat)

December 24, 2010 at 8:52 pm

Posted in review

Tagged with authentication, bank, bing, bookmarklet, business, certificate, chrome, database, dbsm, dss, ecommerce, encryption, firefox, folksonomy, google, greasemonkey, identity, industry, javascript, mail, mashup, merchant, mobile, onetimepassword, openid, otp, password, payment, pci, personal, pip, pki, programming, qr, retailer, risk, rkm, rsa, safari, search, security, shortening, smtp, standard, tagging, technology, url, verisign, web, yahoo!, youtube

VeriSign PIP Browser Certificate workaround (PIN Request) #identity #openid

leave a comment »

VeriSign – Personal Identity Portal is a OpenID provider with multiple factor identification: Password +

Mobile Credential (phone or mail PIN)
Account Information Card (can be used by applications such as Microsoft CardSpace)
VeriSign browser certificate
VeriSign Identity Protection (VIP) Credential (Physical Token)

As I have a browser certificate linked to my old browser and couldn’t login with my current browser I had to figure out a workaround when I don’t have the browser certificate: PIN Request. On the page that does the browser certificate request there is a hidden link to get a PIN send by mail or mobile, which you can find here.

Hope that helps you.

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 7:24 pm

Posted in identity, pki, security, technology

Tagged with authentication, certificate, identity, onetimepassword, openid, otp, password, pip, security, verisign

The Register: Too Quick In Writing Things Off

with one comment

Again The Register writes off technologies that are still functioning. In OpenSocial, OpenID, and Google Gears: Three technologies for history’s dustbin they proudly pronounce the death of Google’s OpenSocial – even though there are 16 sites using it including LinkedIn, Plaxo, Hi5 and MySpace – Google’s Gears and OpenID.

I guess if I can end-of-life something on a whim, anybody can.

Technorati Tags: openid, google, gears, linkedin, myspace, theregister

Written by Daniël W. Crompton (webhat)

September 22, 2008 at 4:47 pm

Posted in blogging, humour, review

Tagged with gears, google, linkedin, myspace, openid, theregister

MySpace gains OpenID, FaceBook should

leave a comment »

Firstly I’m not using WordPress’ Press This feature any more, this is the third time I am having to post this after it ate 2 previous drafts. Maybe I should fix the GreaseMonkey script I build for /. to work on Press This.

After predicting the death of MySpace they have surprised me by adding an OpenID Identity Provider. Obviously they are only allowing you to use it to authenticate on other sites, but still is a step with others including FaceBook haven’t done yet. So I started to muse how FaceBook would be able to top it, and what I actually want from a OpenID Identity Provider:

Authentication (obviously)
FOAF
hCard (or other microformats)
Certificate Authentication (PKI)

ClaimID already has 3 of the 4, but their friend system requires some kind of social networking and as it is not a social networking site it doesn’t really cover FOAF completely. This is why integration of FOAF would be a good step for both FaceBook and MySpace.

MySpace is only acting as an identity provider, meaning that while you can use your MySpace credentials to sign into other Web sites, you cannot yet use your credentials from another OpenID provider to sign into MySpace.

Source: MySpace Opens Up First; Launches Data Availability on Flixster and Eventful

technorati tags: authentication, foaf, hcard, identity, microformat, openid, security

Written by Daniël W. Crompton (webhat)

July 24, 2008 at 3:19 pm

Posted in identity, security

Tagged with authentication, foaf, hcard, identity, microformat, openid, security

MyOpenID Second Factor

leave a comment »

MyOpenID has two additional features I hadn’t seen before. They have added Two-Factor Authentication and TLSCertificate Authentication.

Nice new features, gives me a reason to switch default OpenID provider.

technorati tags: security, openid, authentication, pki, risk

Written by Daniël W. Crompton (webhat)

July 22, 2008 at 7:48 pm

Posted in business, identity, pki, risk

Tagged with authentication, openid, pki, risk, security

Yahoo! and Plaxo support OpenID, kinda…

leave a comment »

This I didn’t know, both Yahoo! and Plaxo support OpenID. I have another OpenID, or do I? When I tried to add the OpenID identifier to ClaimID I get the message:

Could not find OpenID server for [https://me.yahoo.com/<open_id>].

Which I naturally found a little strange. I tried the OpenID at TwitterFeed and it worked. So I tried LiveJournal and got the message:

Sorry! You will not be able to login to this website as it is using an older version of the the OpenID technology. Yahoo! only supports OpenID 2.0 because it is more secure. For more information, check out the OpenID documentation at Yahoo! Developer Network.

Thanks to Yahoo! I did discover TwitterFeed which now feeds these blog posts into my Twitter.

technorati tags: openid, yahoo!, plaxo, twitter, livejournal, twitterfeed, blogging, authentication

Written by Daniël W. Crompton (webhat)

July 7, 2008 at 11:17 am

Posted in blogging, networking, risk, security

Tagged with authentication, blogging, livejournal, openid, plaxo, twitter, twitterfeed, yahoo!

OpenID Implementations

with one comment

I have always loved Identity Management, and like Access Management. I’m a little funny, I like to be identified and want my identity to be linked on different sites. Which is why I like OpenID as an identity management system, I also like the possibility of limiting the exchange of personal information to the site to are identifying yourself too. Some may require a mail address, others may only need to verify that you are authenticated to the other site. LiveJournal allows commentary to be added when using an external authentication source, but does not allow blogging without your identity.

My personal favourites are VeriSign Personal Identity Provider – it has a Firefox add-on “VeriSign’s OpenID SeatBelt” – and ClaimID – it allows attaching external links to your identity. You can examine many more of the implementations on the official OpenID site.

technorati tags: openid, authentication, authorization, identity, verisign, livejournal, firefox