Personal blog about various IETF and Internet related activities
Early this year we announced our plans to organize an OAuth security workshop on the IETF OAuth mailing list. We did this after we held a per-invitation only security workshop late December in response to the discovery of the OAuth Authorization Server Mix-Up problem. In the meanwhile we have made progress in the planning activities and we […]
During the second week of November 2015 ARM TechCon took place in Santa Clara/California. The event is packed with presentations (from ARM and from partners) and new technology gets announced, such as the TrustZone for v8-M architecture. TrustZone for v8-M brings TrustZone functionality, which was previously available only to Cortex A class devices, to Cortex […]
Picture of the meeting venue at the Computer History Museum taken before the show started. When I attended the last Internet Identity workshop in Mountain View, California Justin Richer gave an OpenID Connect tutorial. I decided to record it since it could be useful for others as well. While my camera ran out of power […]
[UPDATED: 14. January 2015] Early 2014 we organized a couple of webinars to hear about technologies that allowed to provide authentication of Internet of Things devices and to control access to resources. We learned more about OAuth, Kerberos, and the PKI/certificate model and all talks have been recorded and can be found at http://www.tschofenig.priv.at/wp/?p=1012 In a recent chat […]
Mid 2013 I posted a summary about ongoing efforts on privacy in the IETF and I got a lots of good feedback. ISOC even published an extended version of the write-up at http://www.internetsociety.org/articles/ietf-privacy-update. Since summer 2013 a lot happened with regards to security and privacy. Here is another short update based on activities I have seen. Let […]
Many have been wondering about government spying activities on Internet communication and of course everyone is puzzled what to do about it. More specifically, who should do what for certain applications (since the application behavior is quite different). I wrote down my thoughts in a presentation given to data protection authorities and I wanted to […]
When designing new protocols and technologies it is essentially to get the starting point right – the assumptions of what technology can be used and what cannot be used. I just saw a great post by Patrik Fältström on the Apps-discuss IETF mailing list. Here is what he said about the design choices for WebFinger: […]