Wednesday, October 21. 2009
Slides have been posted for the latest version of my Digital Identity talk.
The contents is a bit less technical than in the past and is aimed at wider audience than just developers. Please contact me if there are any questions on the material or topics presented. Rob Richards.
You can also find the slides from my OAuth presentation.
Monday, September 22. 2008
Slides have been posted for the latest version of my Digital Identity talk.
This talk has evolved since I first starting giving it, but the latest version simple needed more time to present. I was asked to combine all the topics (OAuth was to be its own presentation) into one, which I probably won't do again. Even just only covering the absolute basics, I found that there just isn't enough time to cover them all in the short amount of time, so some material was skimmed over. If anyone has any questions on any of the material, please feel free to contact me.
Friday, March 28. 2008
Now that I've settled into my job at Mashery, I've starting getting a chance to get back to some of my side projects. On the information card and openinfocard front, I am currently looking at getting the selector to export and import cards so that I can synch up my cards amongst my different selectors. More importantly though, I will be in San Francisco for work in little over a week, allowing me to attend and participate in the OSIS User-Centric Identity Interop event at the RSA Conference. While I only play an insignificant role in the openinfocard project, I will be there as part of that project as well as representing my own information card code.
We even have our own logos . Axel did a great job coming up with a logo for openinfocard. As I was up at the PHP Quebec conference when they asked for logos, Julie was kind enough to quickly pull one together for me. With under 24 hours to get it done, no graphic utilitities installed on her new macbook and extremely bad internet bandwidth to even try to download any applications, I think she did a fantastic job.
Anyone interested in participating or seeing demonstration of the identity technologies should be sure to check it out on April 8th and 9th from 11am - 6pm. As I am out there primarily for work, I will most likely will be there later in the day. If you can't make it but are interested in getting involved, interoperability testing is currently underway.
Updated 04-03-2008: The openinfocard logo has been changed to the one now displayed
Saturday, January 5. 2008
2008 is sure off to a lousy start. I went back to work the first work day of the new year after some relaxing time off just to be told the entire IT department has been let go effective immediately. I am just praying this isn't an indication about how the rest of the year is going to go. I get enough of the open position emails, but the trouble is that I am not going to leave Maine. I like it here and it's a great place to raise a family. That being said, if anyone is looking or knows of someone looking for a developer in Maine (I'm trying to avoid doing Java full time) or that allows for a full time telecommuter, I would appreciate any leads: You either already have my email address or contact me via: =rob.richards.
As far as outside projects I am involved in and work on, I do plan on continuing working on them, although I might be a bit MIA for some time until I get settled. My apologies for tagging this in all categories, but hey I need to get maximum exposure here.
Thursday, July 5. 2007
Work has been keeping me extremely busy over the past few months, so I haven't had much time for any new entries. This, however, doesn't mean that there hasn't been anything going on. I figured it was about time I provided an update so people will quit asking if I'm still alive
Contrary to what I said in the past about no longer maintaining these libraries, I have been quietly releasing updated versions of the code with bug fixes. There are quite a number of people using them for various reasons so I have decided to continue supporting and developing all the libraries. There will be a few changes though. I have had far too many emails and questions concerning the lack of licensing (For some reason people don't get the public domain concept). To hopefully reduce the amount of questions I get about this, I will be releasing the next versions under a BSD license. I will also being maintaining versioning information for each file and the changes made between versions. The changes made so far have primarily been concerned with fixes when used through a SOAP server context, some ability to perform encryption in a SOAP message from the client side and some new features that I have needed for an Managed Identity provider (see the Infocard section for details).
Continue reading "Catching Up"
Friday, March 2. 2007
It's no surprise to anyone who has visited my blog before that I have had InfoCard support within Serendipity for some time now. Serendipity was not originally designed with third party authentication mechanisms in mind, so in order to allow for this, I had to heavily modify the internals of the code. Although an external authentication plugin has been available, it simply allows a username/password combination to be validated by an outside source. This combination is then saved in the Serendipity author table and then pulled from there. Not the best solution (and a simple explanation on my part of how it really works), but in the case of OpenID and InfoCard quite impossible. There are no username/passwords being submitted to the blog. In any event, this made Serendipity upgrades very painful as I had to merge my changes by hand into the new revisions. The problems I had with integration have been the very same issues that has prevented the addition of OpenID support.
That is until now (hopefully).
Continue reading "OpenID and InfoCards coming to Serendipity"
Friday, February 16. 2007
It has taken me quite some time to come to grips with OpenID. Why? Because I trust no one. When I first started playing around in the Identity arena, I thought it was a great step forward in protecting my identity. Minimal, and only information I allow, is released to the requesting party. The requesting party has no need (and should not unless absolutely necessary; after informing me they are doing so) to store any of the information provided with my identity. This doesn't mean though that they can't store other information to make my experience at their site better.
Take your favorite on-line store for example. It eventually should be possible to login into their system using your identity (leaving it vague right now what type) and maybe have a profile they store that's tied to your identity so that they can tailor their site to you, say promoting only products in categories you are interested in, like computer gadgets rather than dishwashers. This all sounds great, so what's my problem?
I am paranoid when dealing with companies involved with marketing. I typically would be browsing their system through anonymous proxies and be using site specific email addresses if I need to register. In most case I browse on-line stores to compare products, product reviews and prices and only shop at a handful of stores I actually trust. So to get the personal integration on all these sites, I would either be using my OpenID or an InfoCard to logon. The difference between these two technologies is where I start having some issues with OpenID.
Continue reading "Identity Paranoia"
Wednesday, January 17. 2007
I have recently been reading the discussions between Kim Cameron and Dick Hardt, not to mention the outside commentary as well, concerning the use of client sided security and where it fits in. I found this very interesting due to the fact that when I initially began playing with InfoCards, this was one of the features that drew me in. I am neither an identity nor security expert, nor have I had much time to play around with OpenID (that will be changing soon), so I am going to assume my final understanding of what I read is correct and that OpenID currently needs an additional third-party plug-in to perform the same client sided security as InfoCards. If I am incorrect in this assumption, someone please correct me.
If this really is the identity revolution, power to the people and all that jazz, then it really needs to be done correctly from the start. Personally, how it all works or what protocols are used is of much lesser concern to me than what will happen when the technology gets in the hands of my Dad. You can all stop wondering WTF I am talking about as I'll elaborate on that.
Continue reading "Identity and client sided protection"
(Page 1 of 1, totaling 8 entries)
I can be reached via my i-name: =Rob.Richards