Authentication (User) Blog
Showing posts tagged with OpenID
nicolas_popp | 20 Apr 2011 | 0 comments

Last week, the White House announced its official National Strategy for Trusted Identities in Cyberspace (NSTIC). NSTIC is the largest-ever effort by the federal government and private sector partners (including Symantec) to develop a secure, standards-based and interoperable online identity system. The goal: Improve the security and privacy of online interactions and more effectively fight cybercrime. Today's announcement marks the culmination of two years of effort by VeriSign (first as an independent company and later as part of Symantec) to help bring this important initiative to life.

At the heart of NSTIC is the concept of an Identity Ecosystem based on trusted identity frameworks. Trusted identity frameworks are the lynchpin to...

nicolas_popp | 02 Jun 2010 | 0 comments

I have been involved with a couple of similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on the Open Identity stack. The second is more enterprise cloud focused; it is driven by the Cloud Security Alliance (CSA). The CSA is developing a more SAML-oriented technology blueprint within OASIS. The technology protocols are different but the risk controls are similar. Therefore, I am hopeful that both trust frameworks will converge (I will certainly try to help them converge).

But let us re-hash the motivation of the industry that sponsors these efforts. A trust framework is necessary to enable policy...

nicolas_popp | 10 May 2010 | 0 comments

When Achilles was a baby, the oracle predicted that he would die in battle from an arrow. Thetis, Achilles' mother, who did not want her son to die, decided to dip Achilles' body into the water of a river that would make him immortal. Unfortunately, Thetis had held Achilles by the heel, which was not washed over by the magic water. Achilles grew up to be a great war hero, whose apparent invincibility had turned him into a legend. But one day, an arrow shot at him was lodged in his heel, killing him instantly.

When it comes to consumer identity, Facebook looks more and more like the Achilles of identity. Every day, it is growing more powerful and invincible. Yet, a growing stream of concerns is gradually exposing the social warrior's vulnerability to security and privacy. Nevertheless, as a website, Facebook...

nicolas_popp | 05 Apr 2010 | 0 comments

This week is the week of the OpenID summit in Mountain View, California. We are all hoping that 2010 will be another pivotal year for open identity. There seems to be a combination of market forces that are making federated identity more attractive. In fact, we are hearing new compelling use cases for federation. A first example is cloud access and identity management. As enterprises shift their IT infrastructure and information to the cloud (as in IaaS, PaaS and SaaS applications), CIOs need to federate corporate identities with cloud service providers. For cloud resources, the corporate directory becomes the identity provider and the cloud services are the relying parties (and if you don't have a directory or don't want to use it for federation, Google is in the pole position to be your OP). Another interesting vertical ripe for federation is healthcare. Now that the Obama bill for healthcare has passed, one should expect a revival of health information networks (remember the...

nicolas_popp | 03 Mar 2010 | 0 comments

The Open Identity Exchange was launched this morning at the RSA conference in San Francisco. It is a significant step for federated identity as it will enable US government web sites such as the NIH to embrace open identity standards and roll out open identity services to US citizens. For example, the National Institutes of Health can now move out of pilot phase and support accredited OpenID providers.

So, what is the Open Identity Exchange (OIX)? The OIX aims at enabling specialized trust frameworks or certification programs within a vertical community (e.g. US government, health care, financial services). Certification requirements for shared identity can be diverse and complex depending on the level of assurance required. Simply said, when it comes to trust, one size does not fit all.

You can think of a trust framework as the policy sibling of technical...

nicolas_popp | 03 Nov 2009 | 0 comments

One of the key challenges in a federated authentication network is the establishment of trust between an identity provider (IDP or OP) and relying party websites (RP). In the real world, contractual agreements provide a simple out-of-band mechanism to effectively bind two parties into a trust relationship. When it comes to federated identity networks, peer-to-peer contracts between many identity providers and a myriad of relying party websites do not provide for a scalable process. Therefore, open federated networks need a trust assurance framework to bootstrap trust between the three parties (the user, the OP and the RP).

The basic idea is that if an OP can be certified to comply with a set of industry best practices, the RP should be able to enter into open identity exchange where both the websites and the consumers are reasonably protected. Of course, a pragmatic trust assurance...

nicolas_popp | 08 Sep 2009 | 1 comment

Today, Federal CIO Vivek Kundra is announcing the first pilot for its Open identity initiative. The pilot will support both OpenID and Information Card technologies. Initially, it will be conducted by the Center for Information Technology (CIT), National Institutes of Health (NIH), U.S. Department of Health and Human Services (HHS) and other agencies. Over time, over 500 governmental web sites may become Open ID relying parties, potentially creating one of the largest federated identity networks.

Of course, VeriSign and the PIP will participate in the pilot as Open ID authentication services. This means that your VeriSign PIP ID will be accepted across participating federal Web sites. Saying that we are proud of being a part of this important announcement would be an understatement. The open identity initiative is a crucial step in President Obama's mandate for open citizen participation on key society issues such as...

nicolas_popp | 22 Feb 2009 | 0 comments

There have been a few very insightful discussions from Chris Messina and others regarding the PIP as a secure file, so I thought I would share some of our longer-term product goals.

Today, the PIP file vault is a personal digital locker for our users to manually upload their most personal files. That by itself is not an innovation. In fact, the Web is full of personal storage services like Gmail. Online storage provides immediate and useful value, yet its usefulness is limited by the amount of work an end-user is willing to commit (uploading takes work!).

Now it is interesting to consider how this simple Web 1.0 model of personal digital storage evolves when combined with an OpenID provider. Together, can these technologies allow us to transfer and store in one single place under our control the personal files, private data and rich media content that is...

nicolas_popp | 17 Feb 2009 | 0 comments

The PIP team just released a new feature on Friday: a secure digital vault to store your most personal documents online. Think of it as a digital lock box in the cloud to store copies of your most important documents online (deed of trust, will, passport, property pictures for insurance, etc).

Since these documents are your secrets, all files are encrypted using key management best practices. To increase security, access to the vault requires two-factor authentication. If you already have a VIP token, simply link it to your PIP account. For our most cost-conscious PIP users, we offer a free mobile version of the VIP OTP token. It can be downloaded to your phone here (I use the iPhone Beta version that will be available soon). Once strongly...