decentralized-id.github.io/unsorted/later/id-not-ssi.md

---
published: false
---
## IAM
* [@open_measure](https://twitter.com/open_measure) · [44m](https://twitter.com/open_measure/status/1398540528090759170)
Our #IAM #VendorManagement database just exceeded the 100 entries threshold! There's still a lot of work but it shows already how the IAM #market is a vibrant, diverse, and innovative industry - find out more and contribute at [https://open-measure.atlassian.net/wiki/spaces/VEN/pages/195133452/Vendor+Database](https://open-measure.atlassian.net/wiki/spaces/VEN/pages/195133452/Vendor%2BDatabase)
* [What's the difference between identification, authentication and authorization?](https://twitter.com/doerkadrian/status/1397566626405421060) 2021-05-26 Adrian Doerk
> - Identification: Who are you?
> - Authentication: Is it you again?
> - Authorization: What rights do I want to grant you?
* [To Better Understand Digital Identity, Look to Physics](https://www.pingidentity.com/en/company/blog/posts/2021/digital-identity-physics.html) 2021-05-17 Ping
> In chaotic systems such as those that the discipline of physics seeks to describe, there is also the concept of the “self-organizing principle,” which dictates a tendency for chaotic systems to organize themselves. While this might be a tendency in physics, organization usually needs a nudge in the right direction in the identity world. Proper attention to requirements and a good change control process are a crucial part of the equation.
* [Identity management is key to increasing security, reducing fraud and developing a seamless customer experience](https://identitypraxis.com/2022/01/07/identity-management-is-key-to-increasing-security-reducing-fraud-and-developing-a-seamless-customer-experience/) 2022-01-07 Identity Praxis
> - Identity management is an iterative process with three core elements: initial identification, authentication (re-identifying the individual) and verification (ensuring the individual is who they claim to be)
> - Enterprises employ a vast array of technologies to execute these processes which are growing in scope and complexity
> - Understanding why identity management is necessary to enterprises and how this creates opportunities for vendors
## Explainer
### Identity not SSI
++++ 101 Session: UMA - User Managed Access https://iiw.idcommons.net/3B/_101_Session:_UMA_-_User_Managed_Access Eve Maler and George Fletcher
++++ Police in Latin America are turning activists' phones against them https://restofworld.org/2021/latin-america-phone-security/
Experts say that seized devices have become a trove of information for authorities cracking down on social movements and opposition leaders.
++++ Calls for New FTC Rules to Limit Businesses' Data Collection and Stop Data Abuse https://anonyome.com/2021/07/calls-for-new-ftc-rules-to-limit-businesses-data-collection-and-stop-data-abuse/
“I want to sound a note of caution around approaches that are centered around user control. I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how it's being used, make decisions … I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.”
++++ NSO rejects https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments
this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”
++++ How Social Engineering Has (And Hasn't) Evolved Over Time https://auth0.com/blog/how-social-engineering-has-and-hasnt-evolved-over-time/ In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email. auth0
++++ My Take on the Misframing of the Authentication Problem https://kyledenhartog.com/misframing-authn/
Kyle Den Hartog
If you haven't [read this paper](https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf) before you design an authentication system you're probably just reinventing something already created or missing a piece of the puzzle
> [...] can anyone point me to an academic research paper or even some user research that tells me the probability that a user's password will be discovered by an attacker in the next year? What about the probability that the user shares their password with a trusted person because the system wasn't deployed with a delegation system? Or how about how the probability will drop as the user reuses their password across many websites? Simply put I think we've been asking the wrong question
++++ The Things to Keep in Mind about Auth https://developer.okta.com/blog/2021/10/29/things-to-keep-in-mind-about-auth
Okta
++++ Developers: SMS Authentication is Challenging https://medium.com/magiclabs/building-sms-authentication-c2cabccbd5f8 SMS (Short Message Service) messaging, despite a number of material challenges, has broad adoption, international regulations, and support across platforms. Magic Labs
++++ What is Knowledge-based Authentication (KBA)? https://www.pingidentity.com/en/company/blog/posts/2022/what-is-knowledge-based-authentication-kba.html
Ping Identity
When you set up a new account, you are often asked to create a password and choose a security question and answer (e.g., What is your mother's maiden name?). Answering security questions based on personal information when you log in to an app or system is called knowledge-based authentication (KBA).
++++ Open Badges is now on the plateau of productivity https://dougbelshaw.com/blog/2022/03/18/open-badges-fers/
Doug Belshaw
We're no longer in the stage of “imagine a world…” but rather “here's what's happening, let's talk about how this could be useful to you”.
++++ Cloudflare's investigation of the January 2022 Okta compromise https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/
Our [understanding](https://twitter.com/toddmckinnon/status/1506184721922859010) is that during January 2022, hackers outside Okta had access to an Okta support employee's account and were able to take actions as if they were that employee. In a screenshot shared on social media, a Cloudflare employee's email address was visible, along with a popup indicating the hacker was posing as an Okta employee and could have initiated a password reset.
Disasters in the World of Data
++++ Facebook Is Receiving Sensitive Medical Information from Hospital Websites https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites
++++ Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients https://themarkup.org/pixel-hunt/2022/06/15/facebook-and-anti-abortion-clinics-are-collecting-highly-sensitive-info-on-would-be-patients
++++ Tech on Juneteenth: Some tech firms perpetuate modern-day slavery by using prison labor https://benwerd.medium.com/tech-on-juneteenth-c45822aa53f7
++++ What Is Account Creation Fraud? https://www.pingidentity.com/en/resources/blog/post/what-is-account-creation-fraud.html
++++ Balancing User Experience and Security https://www.pingidentity.com/en/resources/blog/post/balancing-user-experience-ux-and-security.html
++++ Digital Identity Wallets auf Basis eIDAS 2.0 Ecosystem https://www.comuny.de/digital-identity-wallets-auf-basis-eidas-2-0-ecosystem/
Women's Rights and Technology Intersection feels very poignant this week
++++ Section 230 Is a Last Line of Defense for Abortion Speech Online https://www.wired.com/story/section-230-is-a-last-line-of-defense-for-abortion-speech-online/
Wired
Democrats who have been misguidedly attacking Section 230 of the Communications Decency Act need to wake up now. If they don't [start listening](https://www.thedailybeast.com/want-to-fix-big-tech-stop-ignoring-sex-workers) to the warnings of human rights experts, [sex workers](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4095115), LGBTQ+ folks, and [reproductive rights](https://freedomnetworkusa.org/app/uploads/2020/09/FNUSA-Joins-EARN-IT-Act-Coalition-letter-9.09.2020.pdf) groups, Democrats could help right-wing zealots achieve their goal: mass censorship of online content about abortion.
## Identity not SSI
++++ Fixing Web Login https://www.windley.com/archives/2022/06/fixing_web_login.shtml
Phil Windley
Like the "close" buttons for elevator doors, "keep me logged in" options on web-site authentication screens feel more like a placebo than something that actually works. Getting rid of passwords will mean we need to authenticate less often, or maybe just don't mind as much when we do.
++++ ADOPTING NEW TECH: HOW TO GIVE YOUR TEAM THE BEST CHANCES OF SUCCESS https://www.theengineroom.org/adopting-new-tech-how-to-give-your-team-the-best-chances-of-success/
The Engine Room
From our past work in this area, we have seen that slow and steady wins the race: for new policies, practices, and technologies to become part of workflows, staff need to be able to learn how to use new tools and incorporate them into their daily work practices — and be supported in doing so.
++++ WHAT WE'VE LEARNED THROUGH OUR SUPPORT FOR ORGANISATIONS WORKING ON BUILDING DIGITAL COMMUNITIES https://www.theengineroom.org/what-weve-learned-through-our-support-for-organisations-working-on-building-digital-communities/
The Engine Room
Maintaining an online community is a lot of work, in both the short term and the long term. It requires setting aside time, human resources and tech infrastructure to keep things running smoothly. Here are some questions and ideas that can help you assess what it may take to maintain the online community you're trying to build:
++++ InfoCert, AUTHADA and Dr. Ing. Wandrei develop a new tool for QES in the circular economy https://infocert.digital/infocert-authada-and-dr-ing-wandrei-develop-a-new-tool-for-qes-in-the-circular-economy/ signature can now be done on mobile devices such as smartphones and tablets with the new NSUITE.mobile product, with a consequent streamlining of the entire process. Infocert
+++- InfoCert has been recognized Representative Vendor in Gartner's Market Guide for Electronic Signature 2022 https://infocert.digital/infocert-has-been-recognized-representative-vendor-in-gartners-market-guide-for-electronic-signature-2022/
+++- GBG: The State of Digital Identity 2022 https://www.gbgplc.com/media/heqgqhur/gbg-state-of-digital-identity-2022.pdf
* Security and satisfaction: Gaining from The Great Switch
* Digital identity's next step: Mobile and alternative data
* Identity fraud: It's a matter of when, not if
* Young adults: The biggest victims of identity fraud?
* Fraud and financial services
* Time to build trust in a digital world
++++ Daon-Neustar Partnership Combines Voice Authentication With Phone Number Verification https://findbiometrics.com/daon-neustar-partnership-voice-authentication-phone-number-verification-508261/
Bad News
++++ Widespread Okta phishing campaign impacts over 130 organizations https://www.scmagazine.com/brief/identity-and-access/widespread-okta-phishing-campaign-impacts-over-130-organizations
++++ LastPass Reports a Breach: Identity News Digest https://findbiometrics.com/lastpass-reports-a-breach-identity-news-digest-508262/
++++ Security pros say the cloud has increased the number of identities at their organizations https://www.scmagazine.com/analysis/cloud-security/security-pros-say-the-cloud-has-increased-the-number-of-identities-at-their-organizations
++++ Experian Joins iProov and Deloitte in UK's Digital ID Program https://mobileidworld.com/experian-joins-iproov-and-deloitte-in-uks-digital-id-program/
++++ Rohingya seek reparations from Facebook for role in massacre https://apnews.com/article/technology-business-bangladesh-myanmar-c5af9acec46a3042beed7f5e1bc71b8a
APNews
The platform, Amnesty says, wasn't merely a passive site with insufficient content moderation. Instead, Meta's algorithms “proactively amplified and promoted content” on Facebook, which incited violent hatred against the Rohingya beginning as early as 2012.
* [Call it data liberation day: Patients can now access all their health records digitally](https://www.statnews.com/2022/10/06/health-data-information-blocking-records/) Statnews 2022-10-06
Under [federal rules](https://www.healthit.gov/buzz-blog/information-blocking/information-blocking-eight-regulatory-reminders-for-october-6th) taking effect Thursday, health care organizations must give patients unfettered access to their full health records in digital format. No more long delays. No more fax machines. No more exorbitant charges for printed pages.
## Known
[Known](https://withknown.com/) has supported [Indieweb](https://indieweb.org/) standards since the beginning, but Fediverse has been notably missing. I think that's a big omission, but also not something I've had bandwidth to fix.
++++ Building ActivityPub into Known https://werd.io/2021/building-activitypub-into-known
Ben Werdmüller
++++ ActivityPub support · Issue #2615 · idno/known · GitHub https://github.com/idno/known/issues/2615#issuecomment-991335313
This issue now has a funding of 3004.5068 USD (3000.0 USD @ $1.0/USD) attached to it.
* [Our Ultimate Guide to Authentication: Types, Mechanisms, Forms, Protocols and More](https://www.pingidentity.com/en/company/blog/posts/2021/ultimate-guide-authentication.html) Ping Identity
> When organizations employ authentication factors and protocols in a well-thought-out manner, users can still have excellent experiences while security administrators and auditors know operations are being executed securely. As we have seen, there are a number of ways to provide these services in any organization.
* [ID Token and Access Token: What Is the Difference?](https://auth0.com/blog/id-token-access-token-what-is-the-difference/)
> "Let's use a token to secure this API call. Should I use the ID token or the access token? 🤔 The ID token looks nicer to me. After all, if I know who the user is, I can make better authorization decisions, right?"
* [Identities Evolve: Why Federated Identity is Easier Said than Done](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2163241) SSRN
> This paper shows that federated identity is really a radical and deeply problematic departure from the way we do routine business. Federation undoes and complicates long standing business arrangements, exposing customers and service providers alike to new risks that existing contracts are unable to deal with. Identity federations tend to overlook that identities are proxies for relationships we have in different contexts. Business relationships don't easily “interoperate.”
* [The Working Principles of 2FA (2-Factor Authentication) Software](https://auth0.com/blog/the-working-principles-of-2fa-2-factor-authentication-software/) Auth0
> There's a lot of “magic” happening under the hood of how software 2FA works. Today, we're going to peel back the curtains and see how it works, how the codes are generated, what it protects and doesn't protect from.
* [What Is Authentication?](https://www.1kosmos.com/blog/authentication/what-is-authentication) 2021-07 1Kosmos
> Authentication is the process of proving that a user is who they claim to be to access system resources or features. Typically, this calls for some type of proof, whether that is a physical piece of information, a secret piece of information or some other immutable form of evidence.
### Forgerock
* [ForgeRock goes public](https://ludopoitou.com/2021/09/16/we-did-it/) 2021-09-16
Today is a huge milestone for ForgeRock. We are becoming a public company, with our stock publicly traded under the “FORG” symbol, at the New York Stock Exchange.
* [IAM 101 Series: What Are Directory Services?](https://www.forgerock.com/blog/iam-101-series-what-are-directory-services) Forgerock
### Ping
* [Ping to Target IAM Startups With New $50 Million Venture Fund](https://findbiometrics.com/ping-target-iam-startups-with-new-50-million-venture-fund-062205/)
That includes companies that are trying to prevent digital fraud, as well as companies that are engaged in identity verification and decentralized identity projects. However, the list is not exhaustive [...] [Allthenticate](https://www.allthenticate.com/) will be the recipient of its first investment.
* [Thoma Bravo to acquire Ping Identity for $2.8B](https://www.techtarget.com/searchsecurity/news/252523468/Thoma-Bravo-to-acquire-Ping-Identity-for-28B) TechTarget
* [Ping Identity to be Acquired by Thoma Bravo for $2.8 Billion](https://www.pingidentity.com/en/company/ping-newsroom/press-releases/2022/ping-identity-to-be-acquired-by-thoma-bravo-for-2-billion.html) Ping Identity
* [xkcd: PGP](https://xkcd.com/1181/)
### IAM
* [Video] [IAM and SSI: A Combined Approach to Digital Identity](https://www.youtube.com/watch?v=tzzg4cbj3mI) 2022-06-16 TOIP
> "Let's talk about the future of digital identity! Decentralized Identity will empower users to maintain control over their data and allow organizations to reap the benefits of being able to share trusted, verifiable identity data. The coexistence with traditional IAM will bring huge benefits to organizations who adopt." - Gabe Albert
## Google
* [Announcing Schema Markup Validator: validator.schema.org (beta)](http://blog.schema.org/2021/05/announcing-schema-markup-validator.html)
SDTT is a tool from Google which began life as the [Rich Snippets Testing Tool](https://developers.google.com/search/blog/2010/09/rich-snippets-testing-tool-improvements) back in 2010. Last year Google [announced plans](https://developers.google.com/search/blog/2020/07/rich-results-test-out-of-beta) to migrate from SDTT to successor tooling, the [Rich Results Test](https://search.google.com/test/rich-results), alongside plans to "deprecate the Structured Data Testing Tool". The newer Google tooling is focused on helping publishers who are targeting specific schema.org-powered [search features](https://developers.google.com/search/docs/guides/search-gallery) offered by Google, and for these purposes is a huge improvement as it contextualizes many warnings and errors to a specific target application.
* [Me2BA Sees Progress in Google's “Pre-Announcement” for an Independently Audited Safety Section in Google Play Store](https://me2ba.org/me2ba-sees-progress-in-googles-pre-announcement-for-an-independently-audited-safety-section-in-google-play-store/)
> On May 6, 2021, two days after the Me2B Alliance published our report on data sharing in school utility apps, Google issued a “pre-announcement” describing major improvements to app labeling in the Android app store:
* [...] ([Source](https://android-developers.googleblog.com/2021/05/new-safety-section-in-google-play-will.html))
> The announcement signals a serious intention to not only catch up to Apple's privacy label, but surpass it, by introducing independent validation of the Android app privacy information.
* [Apple vs (or plus) Adtech, Part II](https://blogs.harvard.edu/doc/2021/05/30/apple-vs-or-plus-adtech-part-ii/) 2021-05-30 Doc Searls
> To review… in Settings—> Privacy—> Tracking, is a single OFF/ON switch for “Allow Ads to Request to Track.” It is by default set to ON.
## Apple
* [iOS 15 Code Points to Biometric Onboarding for Apple's Mobile ID](https://findbiometrics.com/ios-15-code-points-biometric-onboarding-apples-mobile-id-77202104/) 2021-07-30 FindBiometrics
> The iPhone's incoming mobile ID feature will use selfie biometrics for identity verification, suggests code uncovered by 9to5Mac. The news indicates that Apple will be even more directly in competition […]
## Amazon
* [Amazon Expands Palm Payment Service to Whole Foods in Austin, Texas](https://findbiometrics.com/amazon-expands-palm-payment-service-whole-foods-austin-texas-042105/) Find Biometrics
Amazon customers will first need to register their palm(s) using a scanner at the store. They will then be able to link a debit or a credit card to that palm print, which will in turn allow them to pay for their purchases with only a palm recognition scan the next time they pass through checkout.