At the last IETF meeting early March in London I had the pleasure to co-chair the Authentication and Authorization for Constrained Environments (ace) BOF with Kepeng. The picture of the flyer we distributed during the meeting should give you a rough idea what the topic is about. (We are also
Category: Security
Securing VoIP in the Presence of Pervasive Monitoring
Many have been wondering about government spying activities on Internet communication and of course everyone is puzzled what to do about it. More specifically, who should do what for certain applications (since the application behavior is quite different). I wrote down my thoughts in a presentation given to data protection
IETF#87 Update on Privacy
HTTP 2.0 The IETF is working on a new version of HTTP, called HTTP 2.0, in the HTTPbis working group already for some time. The Wiki page provides a bit of additional data about the goals. The working draft of HTTP 2.0 introduces some major changes to HTTP 1.1 and the possibility
OAuth Events during IETF#83
There are a couple of OAuth events going on this week. Here is a list: Sunday: OpenID Connect Workshop https://oic-workshop-ietf-83.eventbrite.com Tuesday: ISOC lunch event with the title “Authentication and Authorization: Next steps for OpenID and OAuth” http://www.internetsociety.org/events/isoc-panel-openid-and-oauth-ietf-8 3 OMA IETF MIF API Workshop (18:10-20:00, room 212/213) http://www.ietf.org/mail-archive/web/ietf/current/msg72651.html Thursday: Harry’s
Smart Object Security Workshop
Last Friday we had our “Smart Object Security” workshop. (Btw, it was not an IAB sponsored workshop.) I am going to talk at the IETF #83 SAAG meeting about the highlights and Jari will go into the details during the IETF LWIG working group meeting. We have received a number
ISOC@IETF 83: OpenID and OAuth Panel
ISOC regularly organizes panels at IETF meetings (and elsewhere). At the upcoming IETF 83 meeting there will be a panel on Tuesday, 27 March, 11:45am-12:45pm (local time). The topic is Authentication and Authorization: Next steps for OpenID and OAuth As the IETF-developed OAuth nears draft standard status, and with the
***DRAFT*** Agenda for Constrained Node/Network related events during IETF 83 in Paris
Carsten Bormann [cabo AT tzi.org] send a good summary of smart object relevant activities happening at the IETF#83 meeting to various mailing lists. ***Subject to change*** — don’t plan travel around this FRIDAY, March 23, 2012: Workshop on Smart Object Security SATURDAY, March 24, 2012 and SUNDAY,
How do we address some of the Web security problems?
The National Strategy for Trust Identifies in Cyberspace (NSTIC) project effort inspired me to think about the problems with Internet and Web security and what could be done about them. The NSTIC strategy document claims that there are three main problems, namely passwords usage leads to identity theft and fraud,
Privacy and Security in IPv6-based Deployments
Today I gave a talk at the 2nd International Conference on Mobile Internet Architecture Evolution of Post-LTE (MIRACLE 2011) workshop in Beijing, China. Here are my slides. In my talk I asked the audience about what can be done to help others to design Internet Protocol-based architectures. I look at