background preloader

Identity and privacy management

Facebook Twitter

Identity at Mozilla. We were very happy to see the revamped “Log In with Google Plus” product from our friends across town: big improvements in user experience, great mobile integration, and clearer privacy controls.

Identity at Mozilla

Still, we think Identity on the Web can be better: easier for developers, true choice and control for users. In particular, we think login should be personal and minimal first, social later. We’re not the only ones who think so, as TechCrunch reported: Some people don’t have Facebook or Twitter accounts. Personal Is A Secure Vault For All Of Your Private, Digital Data.

We wrote about stealthy startup Personal earlier this year when the company announced $7.6 million in funding from Steve Case’s Revolution LLC, Allen&Company, and others.

Personal Is A Secure Vault For All Of Your Private, Digital Data

This week, Personal finally launched its service, which aims to give consumers control over their digital data, to the public. Personal is a free web and mobile service that helps you take control of all the digital information about yourself and your life, decide who gets access to it, and use it for your benefit. This information ranges from your passwords, your kids allergies, emergency contacts, credit card info, and more. 6d, an online identity building web app. Own your online identity. Own your content.

Palmetto API. XACML. XACML stands for eXtensible Access Control Markup Language.


The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies. As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between access control implementations by multiple vendors. XACML is primarily an Attribute Based Access Control system (ABAC), where attributes (bits of data) associated with a user or action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC. The XACML model supports and encourages the separation of the access decision from the point of use. History[edit] The first committee specification of XACML 3.0 was released August 10, 2010.[1] Terminology[edit] Targets[edit]

Google revises Google+ real name management policy. Over the weekend, Google annoyed numerous one-time Google+ users by blowing away their accounts because they'd broken Google's name restrictions.

Google revises Google+ real name management policy

That went over well. As I asked at the time, “What was Google thinking!?” Google's senior VP of social, Vic Gundotra, explained Google's logic for insisting on real names, as an attempt to set a positive tone, "like when a restaurant doesn't allow people who aren't wearing shirts to enter. " Now, Bradley Horowitz, Google's VP of Google+, stated on a Google+ post that Google will be changing its naming policies “as soon as possible. We’ve already improved our process, and the changes below should arrive in a matter of weeks.” Google Confirms: Non-Real Name Google Profiles Risk Suspension (I.E., Google Still Doesn’t Get Social) Public-key cryptography. An unpredictable (typically large and random) number is used to begin generation of an acceptable pair of keys suitable for use by an asymmetric key algorithm.

Public-key cryptography

In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key. In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key.

As of July 31st, all Google profiles will be public. Google will no longer allow users to have private Google profiles after July 31st, reports Search Engine Land.

As of July 31st, all Google profiles will be public

The company had previously allowed users to create and maintain profiles on its service without publicly disclosing their existence. What is SSL and what are Certificates? Get Janrain Engage.

Identity management

Privacy. Authentication. Facebook’s Facial Recognition Fiasco: Those Words Sound Scary! Angst!

Facebook’s Facial Recognition Fiasco: Those Words Sound Scary!

Raised Eyebrows! Distinct feelings of discomfort! So go the reactions to a feature on Facebook that uses facial recognition technology to help users tag their photos. Postini. Customers will continue to receive email security and archiving services for use with their existing email servers through the Google Apps platform and Google Apps Vault**. Google will manage the transition for our customers and they will not have to replace existing email servers with Gmail. No immediate action is required by customers. Transitions are expected to start in early 2013 and will continue throughout the course of the year. We will contact customers 60-90 days in advance of their transition eligibility with information on how to make the transition. To help provide more information and answer questions, we’ve put together this Transition Help Center along with an FAQ.

Internet security — Authentic8. Foundry Group Invests In Postini Founder’s New Browser Security Startup, Authentic8. The Foundry Group’s Ryan McIntyre (who was a board member of Postini) just announced the venture firm’s investment in browser security startup Authentic8, which is the brainchild of Postini founder Scott Petry and Ramesh Rajagopal (Postini’s VP Corporate Development).

Foundry Group Invests In Postini Founder’s New Browser Security Startup, Authentic8

Postini offered businesses message security, archiving, encryption, and policy enforcement tools which can be used to protect a company’s email, instant messaging, and other web-based communications platforms. The company was eventually acquired by Google in 2007 for $625 million. As McIntyre writes, Authentic8 is “a direct descendant of the Postini DNA.” While Positini tackled email security, Authentic8 addresses security in the browser. The startup has created a secure browser called the Disposable Browser (currently based on the Firefox codebase), which runs remotely on a virtual server in the cloud.

The goal of Authentic8 is to appeal to businesses who are conscious of employees’ security through browsers.