A memo on securing the web, entitled An Inquiry into the Nature and the Causes of Web Insecurity, was published by Mike Hanson, Hannes Tschofenig and Sean Turner as an Internet-Draft in October 2011. This document is well worth reading, and I am looking forward to further work from the authors.

The memo points out that the current security measures on the web were designed for static, text-based, single-site content, whereas the current web is real-time, multi-site and has moved from documents to mobile code. Some of the issues with passwords are pointed out, and three types of goals are presented:

  1. Reduce the number of passwords used
  2. Increase the safety and security of how passwords are used
  3. Broaden the use of other credentials

Proposed guiding principles:

  • moving authentication down into the platform: Methinks not letting every single web developer reinvent the security wheel is a good thing
  • design for growth and multiple authentication mechanisms and credentials: the world changes
  • context matters: exposing minimal information depends on getting context sorted out
  • transform long-term passwords into short-term credentials: the sloppy practice of not verifying end points will come back to haunt us
  • keep the user experience in mind: investigate failure scenarios and provide user feedback
  • go from client-server to N-party: federated login and other multi-party solutions

Please read the Internet draft and give feedback to the authors!


Google launched testing of Google+ last week. One interesting feature is the concept of circles: sorting your friends into friends, family, acquaintances and cool-people-to-follow. The interface for sorting friends is OK, and I may add my own circles.

The idea of using circles got me thinking about overlaps and how the circles could overlap. Most of the rights management we use today starts out with a well-defined root and a hierarchical structure under the root. I believe we need circles of rights, not hierarchies. I say this having worked in the enterprise environment, in social networks and on cross-organizational solutions. A bull's eye is composed of concentric circles, exemplified by true friends within acquaintances/buddies/friends. This is similar to the traditional hierarchies in LDAP servers, which in practice limit what is easily done. Even for other services we tend to limit ourselves to this way of thinking; for example, there are very few customer relation clouds that let you assign a person to two different organizations. Relations are normally with a person, not with a graph. I need persons assigned to multiple organizations because so many of my customers have more than one job or are in the process of merging or splitting their organizations.

Child's play is what Google+ circles look like right now: disjoint circles you can skip around in. There is currently not much more functionality than Twitter lists or Facebook lists. So why do I bother to spend time thinking about the potential? Because something needs to be done with the user interfaces for sharing information, and Circles is the new kid on the block.

Some of the functionality I like about circles:

  • Visual guide to who is in what circle
  • Drag and drop interface, which still needs quite some work before escaping beta
  • Ability to put people in multiple circles

I think Google should not aim for the bull's eye, but rather aim for something usable in everyday life, something more like child's play.

Do not disturb my circles

Are we ready to take up the challenge of using flat space for rights management? It depends on the user interface, and the way circles are implemented today is several steps away from what we need:

  • Visualization of circles overlap: Venn diagrams
  • Ability to weed out persons/circles (everybody but my cousin will get the funny pics, I want to closely follow my close friends but not the chatty girl posting too many updates)
  • Sorting the list of circles, and adapting the sort to usage patterns
  • Importing (and searching) from a variety of circles: people who get the same email, lists from other sources, people who live in my area, teams, my co-workers etc.
  • Automatic updates, reflected in the search facilities
  • Scaling, for those with more than 15 people in their lives

And all of this needs to happen without my having to think too hard about how to do the right thing for me as an end user. Otherwise I'll just not bother. Google has great intelligence for search, and they need to apply that same thinking to who-gets-what in the social networks.

Forget bull’s eye, give us child’s play

If a child can play with the circles and get rights management right, then the solution is good enough. Forget about building the perfect hierarchy with the single root, and get the flow going!
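To make the flat model concrete, here is an added example (not from the post, and not how Google+ implements Circles) that models circles as overlapping sets with explicit exclusions instead of a single-rooted hierarchy; the circle names and people are constructed:

```python
# Constructed sample data: one person may sit in several circles at once.
CIRCLES = {
    "family":        {"mom", "dad", "cousin", "sister"},
    "friends":       {"alice", "bob", "sister"},        # sister: family AND friend
    "acquaintances": {"bob", "carol", "chatty_girl"},
    "coworkers":     {"alice", "dave"},                 # alice: friend AND coworker
}

def circles_of(person: str) -> set:
    """Every circle a person belongs to: no single root, any number of answers."""
    return {name for name, people in CIRCLES.items() if person in people}

def overlap(*names: str) -> set:
    """The Venn-diagram view: who is in all of the named circles."""
    return set.intersection(*(CIRCLES[n] for n in names)) if names else set()

def audience(include, exclude_circles=(), exclude_people=()) -> set:
    """Who gets an item: the union of the included circles minus excluded circles
    and individually excluded people. Exclusions win, so 'everybody but my cousin'
    needs no extra circle and no re-rooting of a hierarchy."""
    allowed = set().union(*(CIRCLES[n] for n in include))
    denied = set().union(*(CIRCLES[n] for n in exclude_circles)) | set(exclude_people)
    return allowed - denied

def can_see(person, include, exclude_circles=(), exclude_people=()) -> bool:
    """Access check for one person against the same sharing rule."""
    return person in audience(include, exclude_circles, exclude_people)

if __name__ == "__main__":
    # "everybody but my cousin will get the funny pics"
    print(sorted(audience(["family", "friends"], exclude_people={"cousin"})))
    # follow friends and acquaintances, but not the chatty girl
    print(sorted(audience(["friends", "acquaintances"], exclude_people={"chatty_girl"})))
    print(sorted(overlap("family", "friends")), sorted(circles_of("alice")))
```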

Kantara Initiative announced this week that CA Technologies, IBM Corporation, SAP AG and UNINETT passed Kantara Initiative SAML 2.0 Full-Matrix Interoperability Testing. SimpleSAMLphp was chosen as an open source solution to join in the testing, after submitting a proposal for why it is key federation software.

SimpleSAMLphp 1.8 passed Kantara Interoperability testing, and conforms to the IdP Lite and SP Lite profiles of SAML 2.0. This means that our drive to support federated login in a multi-vendor environment has taken another step in the right direction. Many of the federations in higher education operate with a software monoculture (using Shibboleth, which is really good software), but I believe that for federated solutions to permeate every necessary application we must work with a plethora of solutions. It is most important for this to happen on the service provider (SP) side, since the variation in how web applications are implemented is huge.

So it happened to me, as it has to most of my friends with children and iTunes accounts. And now I want a logout button or a logout app for my iPad. The kid was in a child-friendly game, and

  1. a request to buy something popped up, and
  2. he happily clicked YES.

Since the device (in my case an iPad, but this is even more common on iPhones) was still within the time buffer for login, there was automatic approval of the purchase.

On the bright side, I got a happy child with a killer bird for Angry Birds. On the down side I got an email, drowning in similar emails, about a purchase that was done with my iPad, and I had to pay money. If he had been in the smurf town, like so many other Norwegian kids, this could have cost me 549 NOK (around 70 euros), as the unhappy dad whose daughter spent 4500 NOK in a free game discovered.

Why is there no logout button in the App Store? Why is there no logout in iTunes? Why have they chosen to do the cannot-buy-stuff-from-within-apps configuration in a submenu where you must enable restrictions explicitly for each device, instead of offering me the ability to simply log out and then hand over the device to the kids? Working through a long, long menu of settings I do not really understand seems more complex to me than simply allowing logout. But then, I am probably spoiled by the elegant and simple logout support in Feide.

Logout is crucial on shared devices, to ensure that the next user does not gain unreasonable privileges.  Family iPads fall in the category of shared devices.  Give us logout in AppStore!

UPDATE: …and a bit embarrassed (but mostly happy) I have to admit that iTunes has a logout button, available from the iTunes Store menu. It took me a while to find it, and it does not help in the App Store, but it is great to have in iTunes.
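An added illustration of the purchase approval described above, not code from the post or from Apple: a constructed model of a shared device's store session, where GRACE_SECONDS stands in for the login time buffer, with logout and the per-device restriction switch as the two ways to close the gap before handing the device over:

```python
from dataclasses import dataclass
from typing import Optional

GRACE_SECONDS = 15 * 60   # assumed length of the "time buffer"; a constructed value

@dataclass
class Device:
    account: Optional[str] = None
    last_auth: Optional[float] = None       # when the password was last entered
    in_app_purchases_allowed: bool = True   # the per-device "restrictions" switch

    def login(self, account: str, now: float) -> None:
        self.account, self.last_auth = account, now

    def logout(self) -> None:
        """The button the post asks for: forget the credential before handing over."""
        self.account, self.last_auth = None, None

    def purchase(self, now: float, password_entered: bool = False) -> str:
        """Inside the grace window after a password entry the purchase is approved
        with no prompt at all; that is exactly the hole the post describes."""
        if not self.in_app_purchases_allowed:
            return "denied: in-app purchases restricted on this device"
        if self.account is None:
            return "denied: nobody is signed in"
        if password_entered:
            self.last_auth = now
            return f"approved for {self.account}: password re-entered"
        if now - self.last_auth <= GRACE_SECONDS:
            return f"approved for {self.account}: within grace window, no prompt"
        return "denied: password required"

def handover_outcomes() -> dict:
    """The same handover three ways: as it happened, after logout, with restrictions."""
    t0 = 1000.0                 # parent enters the password and buys the bird
    kid_taps_yes = t0 + 5 * 60  # five minutes later the kid is handed the iPad
    def signed_in(**flags) -> Device:
        device = Device(**flags)
        device.login("parent", t0)
        return device
    unguarded, logged_out = signed_in(), signed_in()
    logged_out.logout()
    restricted = signed_in(in_app_purchases_allowed=False)
    return {
        "unguarded": unguarded.purchase(kid_taps_yes),
        "logout": logged_out.purchase(kid_taps_yes),
        "restricted": restricted.purchase(kid_taps_yes),
        "expired": unguarded.purchase(t0 + GRACE_SECONDS + 1),
    }
```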

We have been playing a bit with ideas related to gathering third-party attributes, and what they could enable. Two important use cases:

  • Virtual organizations: Who do I need to collaborate with?  Where do I find the project/VO tools? Where is our common space?
  • Universal access: What are my preferences with regards to text, speech, sign language or video?

The Tabia project presented a prototype using Feide for managing the preference service and OAuth for anonymous sharing of preferences, with the added benefit of using Feide for SSO between multiple services. Tabia was discussed at the Kaleido conference in Tromsø today, where a workshop aimed to hash out the main issues involved with a preference service for universal access, given that children have the right to universal access to individualized education.

My presentation at the workshop centered on the identity layer and preference storage (in Norwegian): what is possible when we have federated identity, OAuth and standards for universal access.

If for example I want to roll out web conferencing tools to a couple of hundred thousand users, and all these users have a federated ID linked with a good attribute set, why should I have to worry about provisioning? I can have my users log in, transfer the appropriate information as attributes, and then things should work. And there are at least 15 million federated users in the higher education sector alone, across the federations that we know of. Why are the solutions emerging so slowly in this market?

We spent the last decade fixing availability of attributes and getting federated IDs deployed, and I would like to reap the benefits I know are lurking in the cloud from this investment:

  1. Federated login without letting the applications see the passwords
  2. Let real-time attribute transfer replace provisioning
  3. Letting federated widgets play together so that components form a coherent service, easing integration

Getting back to my current use case on web conferencing tools, I get really frustrated. Not only with the bad audio, which is seriously annoying, but with the cumbersome deployment issues when rolling out in large communities. As far as I know, Cisco WebEx is the only one of the web conferencing tools that has federated login operational on its standard federated platform. Some other vendors and solutions are actively investigating federated ID, and have customers who have done on-site extensions with federated login. Some comments on web meeting solutions I have encountered in the past few months:

  • Adobe Connect, a popular solution in higher education for web meetings, does not support federated login on their hosted environment. An example of a properly behaved system is SUNET's Adobe Connect installation, where SUNET has added federated login with SWAMID and support for attributes. Why not on the hosted service? Will it be too much trouble to get a large number of users?
  • Elluminate is working closely with several major LMS suppliers (it was bought by Blackboard this summer), and has functionality that is useful for education.  But no federated login – yet.
  • Nefsis is highly loved by the teaching community using it. I have not been testing this system myself.  There is no federated login.
  • NTR-meeting is a lightweight solution for web meetings, simple and easy to use.  Would be even easier if it had federated login.
  • BigBlueButton is open software for web meetings.  Not quite in production yet, and has no federated login.
  • DimDim is also used for distance lectures.  But it has no federated login.
  • Vidyo is tested (I have not tested it myself) by several interested parties.  No federated login reported.
  • EVO from the high performance computing crowd. Developed within our own community. Still no federated login.
  • Microsoft OCS may support federated login (codename Geneva), but when I talk to the local guys about this, we have so far spent most of our time explaining that federation does not imply collating Active Directory trees, but is Something Web with XML.

And the service from Skype, usable with good sound when everything else fails: no federated login. On the other hand, I did not expect Skype to have federated login, as they operate in a market of individual users. The ones named on the list above try to deliver services to organizations. Deployment without federated login is a lot more work than with federated login. On the other hand, the extra work falls mostly on the deploying organization, so maybe that is why the service providers do not care.
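As an added example of what "real-time attribute transfer replacing provisioning" looks like for a conferencing service (not code from the post or from any of the products named above): just-in-time account creation and re-sync from the attribute set delivered at federated login. The eduPerson/SCHAC attribute names, the issuer entityID and the affiliation-to-role policy are assumptions, and the attribute values are constructed:

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed local policy: federated affiliation -> conferencing role (higher rank wins).
ROLE_BY_AFFILIATION = {"faculty": "host", "staff": "host", "student": "participant"}
ROLE_RANK = {"participant": 0, "host": 1}
# Placeholder entityID of the one IdP this service federates with (constructed).
TRUSTED_ISSUERS = {"https://idp.example-university.invalid/saml2"}

@dataclass
class Account:
    username: str        # eduPersonPrincipalName: stable key across logins
    display_name: str
    email: str
    organization: str
    role: str

ACCOUNTS: Dict[str, Account] = {}   # the conferencing service's own user store

def role_for(affiliations: List[str]) -> str:
    """Highest role any affiliation grants; unknown values grant only participant."""
    roles = [ROLE_BY_AFFILIATION.get(a, "participant") for a in affiliations]
    return max(roles, key=ROLE_RANK.__getitem__, default="participant")

def provision_from_login(issuer: str, attributes: Dict[str, List[str]]) -> Account:
    """Just-in-time provisioning on every federated login: create the account the
    first time, re-sync it afterwards, so a role change at the home organization
    takes effect at the next login instead of through a provisioning ticket."""
    if issuer not in TRUSTED_ISSUERS:
        raise PermissionError(f"assertion from untrusted issuer {issuer}")
    required = ("eduPersonPrincipalName", "displayName", "mail", "schacHomeOrganization")
    missing = [a for a in required if not attributes.get(a)]
    if missing:
        raise ValueError(f"assertion lacks required attributes: {missing}")
    username = attributes["eduPersonPrincipalName"][0]
    account = Account(username, attributes["displayName"][0], attributes["mail"][0],
                      attributes["schacHomeOrganization"][0],
                      role_for(attributes.get("eduPersonAffiliation", [])))
    ACCOUNTS[username] = account   # create or overwrite: no separate provisioning step
    return account

# Constructed attribute set, shaped like a SAML attribute statement (multi-valued, hence lists).
SAMPLE_LOGIN = {
    "eduPersonPrincipalName": ["kari@example-university.invalid"],
    "displayName": ["Kari Nordmann"],
    "mail": ["kari@example-university.invalid"],
    "schacHomeOrganization": ["example-university.invalid"],
    "eduPersonAffiliation": ["student", "member"],
}
```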
