Hannes Tschofenig

Personal blog about various IETF and Internet related activities

 

Archive for Identity Management

Feb
19
2016

Early this year we announced our plans to organize an OAuth security workshop on the IETF OAuth mailing list. We did this after we held a per-invitation only security workshop late December in response to the discovery of the OAuth Authorization Server Mix-Up problem. In the meanwhile we have made progress in the planning activities and we […]

Dec
22
2015

During the second week of November 2015 ARM TechCon took place in Santa Clara/California. The event is packed with presentations (from ARM and from partners) and new technology gets announced, such as the TrustZone for v8-M architecture. TrustZone for v8-M brings TrustZone functionality, which was previously available only to Cortex A class devices, to Cortex […]

Jan
16
2015

Picture of the meeting venue at the Computer History Museum taken before the show started.   When I attended the last Internet Identity workshop in Mountain View, California Justin Richer gave an OpenID Connect tutorial. I decided to record it since it could be useful for others as well. While my camera ran out of power […]

Dec
8
2014

[UPDATED: 14. January 2015] Early 2014 we organized a couple of webinars to hear about technologies that allowed to provide authentication of Internet of Things devices and to control access to resources. We learned more about OAuth, Kerberos, and the PKI/certificate model and all talks have been recorded and can be found at http://www.tschofenig.priv.at/wp/?p=1012 In a recent chat […]

May
5
2014

Mid 2013 I posted a summary about ongoing efforts on privacy in the IETF and I got a lots of good feedback. ISOC even published an extended version of the write-up at http://www.internetsociety.org/articles/ietf-privacy-update. Since summer 2013 a lot happened with regards to security and privacy. Here is another short update based on activities I have seen. Let […]

Sep
9
2013

Many have been wondering about government spying activities on Internet communication and of course everyone is puzzled what to do about it. More specifically, who should do what for certain applications (since the application behavior is quite different). I wrote down my thoughts in a presentation given to data protection authorities and I wanted to […]

Aug
30
2012

When designing new protocols and technologies it is essentially to get the starting point right – the assumptions of what technology can be used and what cannot be used. I just saw a great post by Patrik Fältström on the Apps-discuss IETF mailing list. Here is what he said about the design choices for WebFinger: […]




Forgot?

Categories

Tags

Hannes Tschofenig's Recent Tweets