Identity at Mozilla. We were very happy to see the revamped “Log In with Google Plus” product from our friends across town: big improvements in user experience, great mobile integration, and clearer privacy controls.
Still, we think Identity on the Web can be better: easier for developers, true choice and control for users. In particular, we think login should be personal and minimal first, social later. We’re not the only ones who think so, as TechCrunch reported: Personal Is A Secure Vault For All Of Your Private, Digital Data. We wrote about stealthy startup Personal earlier this year when the company announced $7.6 million in funding from Steve Case’s Revolution LLC, Allen&Company, and others.
This week, Personal finally launched its service, which aims to give consumers control over their digital data, to the public. Personal is a free web and mobile service that helps you take control of all the digital information about yourself and your life, decide who gets access to it, and use it for your benefit. 6d, an online identity building web app. Own your online identity. Own your content. Palmetto API. XACML. XACML stands for eXtensible Access Control Markup Language.
The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies. As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between access control implementations by multiple vendors. XACML is primarily an Attribute Based Access Control system (ABAC), where attributes (bits of data) associated with a user or action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC. Google revises Google+ real name management policy. Over the weekend, Google annoyed numerous one-time Google+ users by blowing away their accounts because they'd broken Google's name restrictions.
That went over well. As I asked at the time, “What was Google thinking!?” Google's senior VP of social, Vic Gundotra, explained Google's logic for insisting on real names, as an attempt to set a positive tone, "like when a restaurant doesn't allow people who aren't wearing shirts to enter. " Now, Bradley Horowitz, Google's VP of Google+, stated on a Google+ post that Google will be changing its naming policies “as soon as possible. Google Confirms: Non-Real Name Google Profiles Risk Suspension (I.E., Google Still Doesn’t Get Social) UPDATE, 7/12, 2:45PM: The story continues in this post here.
If you created a Google Profile named after your avatar or another pseudonymous name, your account risks suspension. Instead, you should consider creating a Google Profile which is based on your real name, and if you like, add your avatar name and other non-real names in the About section of your profile. To do that, click “Edit Profile” and enter those names in the designated fields, as pictured at right from my own profile, which has my SL avatar name, “Hamlet Au”, along with variations of account names I use in other gaming/virtual world/social media settings. My advice comes after a long e-mail conversation I recently completed with Google spokesperson Katie Watson, Senior Manager of Global Communications & Public Affairs at the Internet giant.
Public-key cryptography. In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt.
Security depends on the secrecy of the private key. In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. After obtaining an authentic copy of each other's public keys, Alice and Bob can compute a shared secret offline. As of July 31st, all Google profiles will be public. Google will no longer allow users to have private Google profiles after July 31st, reports Search Engine Land.
The company had previously allowed users to create and maintain profiles on its service without publicly disclosing their existence. Google is making the change primarily to aid in the growth of its new Google+ social network. This change means that you must have at least your full name and gender shown publicly to join Google+. Google updated its public profiles page some time ago, as we commented on, to notify users of this upcoming change, stating: The purpose of Google Profiles is to enable you to manage your online identity.
What is SSL and what are Certificates? Get Janrain Engage.
Privacy. Authentication. Facebook’s Facial Recognition Fiasco: Those Words Sound Scary! Angst!
Raised Eyebrows! Distinct feelings of discomfort! So go the reactions to a feature on Facebook that uses facial recognition technology to help users tag their photos. Postini. Customers will continue to receive email security and archiving services for use with their existing email servers through the Google Apps platform and Google Apps Vault**. Google will manage the transition for our customers and they will not have to replace existing email servers with Gmail. No immediate action is required by customers. Transitions are expected to start in early 2013 and will continue throughout the course of the year. We will contact customers 60-90 days in advance of their transition eligibility with information on how to make the transition. To help provide more information and answer questions, we’ve put together this Transition Help Center along with an FAQ.
Internet security — Authentic8. Foundry Group Invests In Postini Founder’s New Browser Security Startup, Authentic8. The Foundry Group’s Ryan McIntyre (who was a board member of Postini) just announced the venture firm’s investment in browser security startup Authentic8, which is the brainchild of Postini founder Scott Petry and Ramesh Rajagopal (Postini’s VP Corporate Development).
Postini offered businesses message security, archiving, encryption, and policy enforcement tools which can be used to protect a company’s email, instant messaging, and other web-based communications platforms. The company was eventually acquired by Google in 2007 for $625 million. As McIntyre writes, Authentic8 is “a direct descendant of the Postini DNA.” While Positini tackled email security, Authentic8 addresses security in the browser.