OAuth 2.0 has been around for several years now and I have always been interested to reach out to the wider industry for more feedback about the standardization work. This interest for feedback has led to several workshops and the 4th OAuth Security Workshop (OSW 2019) will take place in
Category: Privacy
Internet of Things Software Update Workshop (IoTSU)
We are organizing another workshop on Internet of Things related matters. This time we will talk about the importance of software / firmware updates. We are seeking input on this topic via the workshop. The workshop webpage also provides examples for topics, such as: Protocol mechanisms for distributing software updates:
FIDO & Privacy
In time for the data privacy day the FIDO Privacy & Public Policy working group released their FIDO Privacy whitepaper. This new whitepaper is targeted at regulators, data protection authorities, and “policy makers”. Of course, everyone with interest in privacy is also welcome to take a look at it. Due
Smart Object Architectures
Dave Thaler, Mary Barnes, and I had the honor to talk to the participants of the IETF#92 meeting in Dallas/Texas about the recently published Smart Object Architecture document, see RFC 7452. The presentation was given during the technical plenary of the Internet Architecture Board (IAB). A recording of the talk was
Webinar about the Kantara User-Managed Access (UMA) working group to the IETF ACE Working Group
[UPDATED: 14. January 2015] Early 2014 we organized a couple of webinars to hear about technologies that allowed to provide authentication of Internet of Things devices and to control access to resources. We learned more about OAuth, Kerberos, and the PKI/certificate model and all talks have been recorded and can be found
Privacy in the IETF (May 2014 Update)
Mid 2013 I posted a summary about ongoing efforts on privacy in the IETF and I got a lots of good feedback. ISOC even published an extended version of the write-up at http://www.internetsociety.org/articles/ietf-privacy-update. Since summer 2013 a lot happened with regards to security and privacy. Here is another short update based on
Privacy Engineering or “Designing Privacy into Internet Protocols”
The privacy program of the Internet Architecture Board (IAB) has been working on a privacy tutorial for some time already and at the last IETF meeting in London I had the honor to present the work to the wider IETF community. The tutorial provided a sneak preview to a document
Securing VoIP in the Presence of Pervasive Monitoring
Many have been wondering about government spying activities on Internet communication and of course everyone is puzzled what to do about it. More specifically, who should do what for certain applications (since the application behavior is quite different). I wrote down my thoughts in a presentation given to data protection
IETF#87 Update on Privacy
HTTP 2.0 The IETF is working on a new version of HTTP, called HTTP 2.0, in the HTTPbis working group already for some time. The Wiki page provides a bit of additional data about the goals. The working draft of HTTP 2.0 introduces some major changes to HTTP 1.1 and the possibility
Design Constraints: Episode #1
When designing new protocols and technologies it is essentially to get the starting point right – the assumptions of what technology can be used and what cannot be used. I just saw a great post by Patrik Fältström on the Apps-discuss IETF mailing list. Here is what he said about