EPIC opposes Google / Doubleclick merger

Last week the Electronic Privacy Information Center (EPIC) made an agenda-setting intervention on the newest dangers in digital privacy.  EPIC is perhaps the world’s most influential privacy advocacy group, and presented its brief to a US Senate hearing looking into Google’s proposed acquisition of Doubleclick.

According to USA Today,

“The Federal Trade Commission is already reviewing whether the Google-DoubleClick combination would violate antitrust law.  Consumer groups are pressing the agency to also scrutinize Google's privacy practices.  Marc Rotenberg, executive director of the Electronic Privacy Information Center, told the Senate committee that Google should be required to strengthen its privacy practices as a condition of the acquisition.”


New CardSpace Techie Blog

Caleb Baker, Ruchi Bhargava and a group of their colleagues on the CardSpace team have set up a new blog by techies for techies, called CardSpace: Behind the Code.  It warms my heart to see the team members reaching out to make direct contact with other developers and engineers who are adopting the technology or creating versions on other platforms.  So often developers in big companies are caught behind a wall of gauze.

They begin with a post that talks in depth about a change in CardSpace that I first announced in June here.  Basically, without in any way decreasing the security of high end sites, we have made it markedly easier for bloggers and others whose sites don't represent a financial honeypot to accept information cards:

“CardSpace in .Net Framework 3.0 required that sites deploying CardSpace always have a SSL certificate. This meant that every site that wanted to use CardSpace was forced to deploy an https site.

“Based on customer feedback, we have decided to relax this requirement for the next release of CardSpace (currently available in .NET Framework 3.5 Beta 2). We realize that there are some sites like blogs which would like to use CardSpace, but consider the SSL requirement to be a deployment blocker.

“Now, if you have a website that you want to add CardSpace support to, all you need to do is add the object tag to the page and you are done.

“In addition to requiring .Net Framework 3.5 beta 2 or later [on the windows client – Kim], a new version of icardie.dll is required to use this new feature. This will ship with Vista SP1 and an upcoming update to IE7.

“CardSpace does behave differently for http vs. https sites. When CardSpace is invoked from an http site, CardSpace will inform the user about the lack of an SSL connection and the security implication of this. (Also, note the new streamlined look of this window.)

[Image: CardSpace without SSL]

“In addition, managed card issuers can decide if the card they issued can be used on sites that do not support SSL. This can be done by adding the following element to the .crd file. If this element is specified then the card can only be used on a site that has a SSL certificate. The card will not ‘light up’ when the user is on an http site.

“A point to be noted is that cards that were issued for the last release of CardSpace will light up on http sites as they will lack this new element. In that case, the IP STS can make a decision on whether to release a token based on the identity of the recipient sent in the RST message…”

[Continues with changes in algorithms here.]
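To make the two-sided rule in the quoted post concrete, here is an added illustration (my own sketch, not code from the CardSpace team) of how a selector and an IP/STS could each apply it. The card representation is a simplified stand-in for a .crd file, and the element name REQUIRE_SSL_FLAG is an assumption, since the post does not name the real element.

```python
from urllib.parse import urlparse

# Assumed (hypothetical) name for the new .crd element described in the post.
REQUIRE_SSL_FLAG = "RequireSslRelyingParty"


def card_lights_up(card: dict, site_url: str) -> bool:
    """Selector-side rule.

    A card carrying the SSL-only element lights up only on https sites.
    A card issued for the previous release has no such element, so it
    lights up on http sites as well (the legacy case the post warns about).
    """
    scheme = urlparse(site_url).scheme.lower()
    if card.get(REQUIRE_SSL_FLAG, False):
        return scheme == "https"
    return scheme in ("http", "https")


def sts_should_release_token(rst_recipient: str, allow_http_recipients: bool) -> bool:
    """IP/STS-side backstop for legacy cards.

    The RST carries the identity of the recipient, so the STS can still
    refuse to mint a token for an http relying party even though the
    selector let an old card light up there.
    """
    scheme = urlparse(rst_recipient).scheme.lower()
    if scheme == "https":
        return True
    return scheme == "http" and allow_http_recipients


# Constructed sample cards: one new-style SSL-only card, one legacy card.
NEW_CARD = {"name": "bank-card", REQUIRE_SSL_FLAG: True}
LEGACY_CARD = {"name": "old-card"}  # issued before the element existed


def selector_view(site_url: str) -> list:
    """Names of the cards the user would see lit up at site_url."""
    return [c["name"] for c in (NEW_CARD, LEGACY_CARD) if card_lights_up(c, site_url)]


if __name__ == "__main__":
    print("http blog sees:", selector_view("http://blog.example/"))
    print("https bank sees:", selector_view("https://bank.example/"))
```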

In one of the posted comments, reader MathiasR tells the team:

“Great to hear that you are listening to our feedback :). Thanks!”

Meanwhile, the MSDN blog site they're on doesn't yet seem to show any signs of supporting Information Cards for leaving comments.  Maybe I'm just missing it, or maybe Caleb can drum up some info on when that is going to be turned on.

MSN and Windows Live hook up InfoCard Beta

Video of Hotmail Beta of Information Cards

In this video of the Windows Live ID beta (1:20) we use Bandit's DigitalMe to register and log into Hotmail from a Mac.  If anyone has been concerned that Information Cards won't scale to handle large sites, they can relax now.  To see another version of the demo, this time using CardSpace, watch this (2:20). 

MSN and Windows Live CardSpace Beta

You can now use Information Cards at Hotmail and all the other MSN/Windows Live sites. 

Just go here to associate an Information Card with your existing account.   I found that both Windows CardSpace and the Mac DigitalMe information card selectors worked beautifully with the system.  Check out this video to see what it was like registering and logging in from my Mac using DigitalMe. 

It's worth taking a step back to think about what can go wrong when you add a feature of this importance to a site with 300 million accounts.  If things don't work, you don't have a software bug – you have a trainwreck.  So the Windows Live people have done a lot of thinking, planning and testing in order both to create a cool experience and keep from confusing their users.   

There are still some anomalies.  In the words of the Beta announcement:

Start using DigitalMe for Mac

Over the weekend I installed “Digital Me for Mac” on my MacBook Pro and started using it with identityblog and other sites.  It's fast and totally does the trick.  I've made a micro video demo that gives you an idea of what it's like.

The install worked just as it should.  I ended up with a Bandit managed card – then went on to create a self-issued one so I wouldn't have to enter a password.  So now I can work on my site both from my Mac and my PCs.  I'm not sure if it works with Safari – I was using it with Firefox.

We need a spectrum

Stefan Brands runs off in the wrong direction in his recent treatise on OpenID.  Who really needs a “shock and awe” attempt to bonk the new OpenID “cryptographic primitives” back into the stone age?

It's not that you shouldn't read the piece; even though subtlety is not its strong suit, it brings together a lot of information about a threat model for OpenID.

The main problem is simply that it misses the whole point about why OpenID is of interest.

Linkage with CardSpace in Auditing Mode

As we said here, systems like SAML and OpenID work without any changes to the browser or client – which is good.  But they depend on the relying party and identity provider to completely control the movement of information, and this turns out to be bad. Why? Well, for one thing, if the user lands at an evil site it can take complete control of the client (let's call this “extreme phishing”) and trick the user into a lot of evil.

Let’s review why this is the case.  Redirection protocols have two legs.  In the first, the relying party sends the user’s browser to the identity provider with a request.  Then the identity provider sends the browser back to the relying party with a response.   Either one can convince the user it's doing one thing while actually doing the opposite.

It’s clear that with this protocol, the user’s system is “passive”. Services are active parties while the browser does what it is told.  Moreover, the services know the contents of the transaction as well as the identities and locations of the other service involved.  This means some classes of linkage are intrinsic to the protocol, even without considering the contents of the identity payload.
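As an added illustration (mine, not part of the original post), the following model walks the two legs above with constructed URLs and records what each service learns along the way. It deliberately omits signatures and nonces, modelling only the flow of information, so that the intrinsic linkage can be read straight off the identity provider's own log.

```python
from urllib.parse import urlencode, urlparse, parse_qs


class Party:
    """A relying party or identity provider with its own log."""
    def __init__(self, name: str):
        self.name = name
        self.log = []


def leg1_rp_to_idp(rp: Party, idp_endpoint: str, return_to: str) -> str:
    """Leg 1: the RP builds the request the browser passively carries to the IdP."""
    rp.log.append(("sent_user_to", urlparse(idp_endpoint).netloc))
    return idp_endpoint + "?" + urlencode({"return_to": return_to})


def leg2_idp_to_rp(idp: Party, request_url: str, user_id: str) -> str:
    """Leg 2: the IdP reads the request, so it learns which RP sent the user,
    then redirects the browser back with the response."""
    return_to = parse_qs(urlparse(request_url).query)["return_to"][0]
    idp.log.append((user_id, urlparse(return_to).netloc))
    return return_to + "?" + urlencode({"identity": user_id})


def rp_receive(rp: Party, response_url: str) -> str:
    """The RP reads the response the browser brought back."""
    user_id = parse_qs(urlparse(response_url).query)["identity"][0]
    rp.log.append(("received_identity", user_id))
    return user_id


def idp_linkage(idp: Party, user_id: str) -> set:
    """Linkage intrinsic to the protocol: from its own log alone the IdP can
    list every RP a given user has visited."""
    return {rp for uid, rp in idp.log if uid == user_id}


def run_demo() -> set:
    """Constructed scenario: one user logs into two unrelated sites."""
    idp = Party("idp.example")
    sites = [Party("shop.example"), Party("forum.example")]
    for rp in sites:
        request = leg1_rp_to_idp(rp, "https://idp.example/auth", f"https://{rp.name}/return")
        response = leg2_idp_to_rp(idp, request, "alice")
        rp_receive(rp, response)
    return idp_linkage(idp, "alice")


if __name__ == "__main__":
    print("IdP can link alice to:", sorted(run_demo()))
```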

What changes with CardSpace?

CardSpace is based on a different protocol pattern in which the user’s system is active too.

Burton Group reports on user-centric interop

The Burton Group has posted its evaluation of the user-centric interopathon held at this year's Catalyst. The analyst is Bob Blakley, now with Burton and previously chief scientist for Security and Privacy at IBM Tivoli Software. 

Bob writes, “Prior to the event, there were some specifications, one commercial product, and a number of open-source projects.  After the event, it can accurately be said that there is a running identity metasystem.”

DigitalMe for Mac passed the Interoperathon

Bandit's contribution to the emerging identity metasystem is exceptional – we're talking about the DigitalMe Identity Selector for Mac and Linux, as well as relying party components.  I will post a download link as soon as one becomes available.  Novell's Dale Olds wrote about the Catalyst Conference and OSIS Interopathon here.

The CardSpace dimensions

Axel Nennker from T-Systems in Germany now has a blog called ignisvulpis (OK, no translation found in search engines – I had to crack open my Latin dictionary to be reminded that ignis means ‘fire’ and vulpes means ‘fox’…   Yikes, Axel!)  Axel is a contributor to the openinfocard project started by Chuck Mortimore and Ian Brown.

In a bizarre case of Information Card Fever sweeping through Germany, he writes:

Yesterday I learned that the team of the new java CardSpace project jinformationcard works in the same building as I do. As I am a contributor to the openinfocard project we now have two independent java CardSpace projects “in the house”. 

That's amazing.

Anyway, I heard Axel speak at a meeting a while ago and was fascinated by the way he conceptualized his “information card dimensions”.   Now I can share it with you because he posted it to his blog:

While thinking about how Windows CardSpace could be used and extended I came up with this graphic.

Thus the dimensions of Windows CardSpace are:

  1. Cardstore: Where is the cardstore?
    Service Providers store the information cards and facilitate the use through different devices.
  2. CredentialStore: Where are the credentials?
    Storage of credentials and engine for cryptographic operations.
  3. UI Generation: Where is the UI generated?
    The UI could be generated on a server but be displayed on one of the user’s devices.
  4. Identity Selector (UI): Where is the UI displayed and where is the Information Card selected?
  5. STS: Where is the STS?
  6. STS Authentication: Authentication Technology
  7. Browser: On which device is the authentication needed?

Now imagine all the combinations of the coordinates which span “use case space”.  My colleague Jochen Klaffer designed and implemented a tool which helped us a lot to find relevant use cases in our “CardSpace for Telcos” project which we are doing for Deutsche Telekom Laboratories’ Jörg Heuer.

This is of course only a selection of possible dimensions.  Others were excluded for simplicity and because there are strong indications that they will never be relevant.  Kim Cameron said e.g. about using different protocols instead of WS-*: “This will not happen”.

So the “Trust Protocol” dimension is not shown in this graphic.

Other dimensions missing are new transport protocols like SIP instead of HTTP to transport the RST/RSTR. So the “Transport Protocol” dimension is not shown in this graphic.

You will probably notice that there are points on the axis that are not part of CardSpace version 1.0…

Let us look at CardSpace 1.0.

  1. Cardstore: local (secure desktop).
  2. CredentialStore: local (secure desktop).
  3. UI Generation: local (secure desktop).
  4. Identity Selector (UI): local (secure desktop)
  5. STS: local or network
  6. STS Authentication: fixed set of four technologies
  7. Browser: PC

So this is the current state, but the universe is expanding, right?

Interpretation of the axes and the new points on the axes is left to the reader 😉

I think this is really brilliant and have been amazed at the methodologies being used.  I hope Axel will also report on the work by Jochen Klaffer to which he refers.

One small correction – we already support a simple RESTful http post of a token to a relying party – in other words, no need for WS.  So there is a protocol dimension.  In terms of the highly trusted connection between identity selector and identity provider, I would much rather avoid introducing alternate protocols that would drastically increase our attack surface and test matrix.