Identity and privacy management
Get flash to fully experience Pearltrees
We were very happy to see the revamped “Log In with Google Plus” product from our friends across town: big improvements in user experience, great mobile integration, and clearer privacy controls. Still, we think Identity on the Web can be better: easier for developers, true choice and control for users. In particular, we think login should be personal and minimal first, social later. We’re not the only ones who think so, as TechCrunch reported :
We wrote about stealthy startup Personal earlier this year when the company announced $7.6 million in funding from Steve Case’s Revolution LLC , Allen&Company , and others. This week, Personal finally launched its service, which aims to give consumers control over their digital data, to the public. Personal is a free web and mobile service that helps you take control of all the digital information about yourself and your life, decide who gets access to it, and use it for your benefit.
XACML stands for eXtensible Access Control Markup Language . The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate authorization requests according to the rules defined in policies. As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between authorization implementations by multiple vendors. XACML is primarily an Attribute Based Access Control system (ABAC), where attributes (bits of data) associated with a user or action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC.
Over the weekend, Google annoyed numerous one-time Google+ users by blowing away their accounts because they'd broken Google's name restrictions . That went over well. As I asked at the time, “ What was Google thinking!? ” Google's senior VP of social, Vic Gundotra, explained Google's logic for insisting on real names, as an attempt to set a positive tone, "like when a restaurant doesn't allow people who aren't wearing shirts to enter." Now, Bradley Horowitz, Google's VP of Google+, stated on a Google+ post that Google will be changing its naming policies “as soon as possible.
Google Confirms: Non-Real Name Google Profiles Risk Suspension (I.E., Google Still Doesn’t Get Social)UPDATE, 7/12, 2:45PM : The story continues in this post here . If you created a Google Profile named after your avatar or another pseudonymous name, your account risks suspension. Instead, you should consider creating a Google Profile which is based on your real name, and if you like, add your avatar name and other non-real names in the About section of your profile. To do that, click “ Edit Profile ” and enter those names in the designated fields, as pictured at right from my own profile, which has my SL avatar name, “Hamlet Au”, along with variations of account names I use in other gaming/virtual world/social media settings. My advice comes after a long e-mail conversation I recently completed with Google spokesperson Katie Watson, Senior Manager of Global Communications & Public Affairs at the Internet giant.
In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key. In some related signature schemes, the private key is used to sign a message; anyone can check the signature using the public key. Validity depends on security of the private key.
Google will no longer allow users to have private Google profiles after July 31st, reports Search Engine Land . The company had previously allowed users to create and maintain profiles on its service without publicly disclosing their existence. Google is making the change primarily to aid in the growth of its new Google+ social network. This change means that you must have at least your full name and gender shown publicly to join Google+. Google updated its public profiles page some time ago, as we commented on , to notify users of this upcoming change, stating: The purpose of Google Profiles is to enable you to manage your online identity.
How do you know that you are dealing with the right person or rather the right web site. Well, someone has taken great length (if they are serious) to ensure that the web site owners are who they claim to be. This someone, you have to implicitly trust: you have his/her certificate loaded in your browser (a root Certificate). A certificate, contains information about the owner of the certificate, like e-mail address, owner's name, certificate usage, duration of validity, resource location or Distinguished Name (DN) which includes the Common Name (CN) (web site address or e-mail address depending of the usage) and the certificate ID of the person who certifies (signs) this information. It contains also the public key and finally a hash to ensure that the certificate has not been tampered with. As you made the choice to trust the person who signs this certificate, therefore you also trust this certificate.
Angst! Raised Eyebrows! Distinct feelings of discomfort! So go the reactions to a feature on Facebook that uses facial recognition technology to help users tag their photos.
Customers will continue to receive email security and archiving services for use with their existing email servers through the Google Apps platform and Google Apps Vault**. Google will manage the transition for our customers and they will not have to replace existing email servers with Gmail. No immediate action is required by customers. Transitions are expected to start in early 2013 and will continue throughout the course of the year. We will contact customers 60-90 days in advance of their transition eligibility with information on how to make the transition. To help provide more information and answer questions, we’ve put together this Transition Help Center along with an FAQ .
The Foundry Group’s Ryan McIntyre (who was a board member of Postini) just announced the venture firm’s investment in browser security startup Authentic8 , which is the brainchild of Postini founder Scott Petry and Ramesh Rajagopal (Postini’s VP Corporate Development). Postini offered businesses message security, archiving, encryption, and policy enforcement tools which can be used to protect a company’s email, instant messaging, and other web-based communications platforms. The company was eventually acquired by Google in 2007 for $625 million. As McIntyre writes, Authentic8 is “a direct descendant of the Postini DNA.” While Positini tackled email security, Authentic8 addresses security in the browser.