decentralized-id.github.io/identosphere-dump/open-standards/not-ssi/id-not-ssi.md
2023-01-15 01:30:53 -05:00

127 lines
11 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
published: false
---
# Existing ID Standards Based Tech
## Explainer
### Identity not SSI
* [101 Session: UMA - User Manged Access](https://iiw.idcommons.net/3B/_101_Session:_UMA_-_User_Managed_Access) by Eve Maler and George Fletcher
* [Police in Latin America are turning activists phones against them](https://restofworld.org/2021/latin-america-phone-security/)
Experts say that seized devices have become a trove of information for authorities cracking down on social movements and opposition leaders.
* [Calls for New FTC Rules to Limit Businesses Data Collection and Stop Data Abuse](https://anonyome.com/2021/07/calls-for-new-ftc-rules-to-limit-businesses-data-collection-and-stop-data-abuse/)
“I want to sound a note of caution around approaches that are centered around user control. I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how its being used, make decisions … I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.
* [NSO rejects](https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments) this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”
* [How Social Engineering Has (And Hasnt) Evolved Over Time](https://auth0.com/blog/how-social-engineering-has-and-hasnt-evolved-over-time/) auth0
> In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.
* [My Take on the Misframing of the Authentication Problem](https://kyledenhartog.com/misframing-authn/) Kyle Den Hartog
> If you havent [read this paper](https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf) before you design an authentication system youre probably just reinventing something already created or missing a piece of the puzzle \
> [...] can anyone point me to an academic research paper or even some user research that tells me the probability that a users password will be discovered by an attacker in the next year? What about the probability that the user shares their password with a trusted person because the system wasnt deployed with a delegation system? Or how about how the probability will drop as the user reuses their password across many websites? Simply put I think weve been asking the wrong question
* [The Things to Keep in Mind about Auth](https://developer.okta.com/blog/2021/10/29/things-to-keep-in-mind-about-auth) Okta
* [Developers: SMS Authentication is Challenging](https://medium.com/magiclabs/building-sms-authentication-c2cabccbd5f8) Magic Labs
> SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.
* [What is Knowledge-based Authentication (KBA)?](https://www.pingidentity.com/en/company/blog/posts/2022/what-is-knowledge-based-authentication-kba.html) Ping Identity
When you set up a new account, you are often asked to create a password and choose a security question and answer (e.g., What is your mother's maiden name?). Answering security questions based on personal information when you log in to an app or system is called knowledge-based authentication (KBA).
* [Open Badges is now on the plateau of productivity](https://dougbelshaw.com/blog/2022/03/18/open-badges-fers/) Doug Belshaw
Were no longer in the stage of “imagine a world…” but rather “heres whats happening, lets talk about how this could be useful to you”.
* [Cloudflares investigation of the January 2022 Okta compromise](https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/)
Our [understanding](https://twitter.com/toddmckinnon/status/1506184721922859010) is that during January 2022, hackers outside Okta had access to an Okta support employees account and were able to take actions as if they were that employee. In a screenshot shared on social media, a Cloudflare employees email address was visible, along with a popup indicating the hacker was posing as an Okta employee and could have initiated a password reset.
Disasters in the World of Data
* [Facebook Is Receiving Sensitive Medical Information from Hospital Websites](https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites)
* [Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients](https://themarkup.org/pixel-hunt/2022/06/15/facebook-and-anti-abortion-clinics-are-collecting-highly-sensitive-info-on-would-be-patients)
* [Tech on Juneteenth: Some tech firms perpetuate modern-day slavery by using prison labor](https://benwerd.medium.com/tech-on-juneteenth-c45822aa53f7)
* [What Is Account Creation Fraud?](https://www.pingidentity.com/en/resources/blog/post/what-is-account-creation-fraud.html)
* [Balancing User Experience and Security](https://www.pingidentity.com/en/resources/blog/post/balancing-user-experience-ux-and-security.html)
* [Digital Identity Wallets auf Basis eIDAS 2.0 Ecosystem](https://www.comuny.de/digital-identity-wallets-auf-basis-eidas-2-0-ecosystem/)
Womens Rights and Technology Intersection feel very poinient this week
* [Section 230 Is a Last Line of Defense for Abortion Speech Online](https://www.wired.com/story/section-230-is-a-last-line-of-defense-for-abortion-speech-online/) Wired
Democrats who have been misguidedly attacking Section 230 of the Communications Decency Act need to wake up now. If they dont [start listening](https://www.thedailybeast.com/want-to-fix-big-tech-stop-ignoring-sex-workers) to the warnings of human rights experts, [sex workers](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4095115), LGBTQ+ folks, and [reproductive rights](https://freedomnetworkusa.org/app/uploads/2020/09/FNUSA-Joins-EARN-IT-Act-Coalition-letter-9.09.2020.pdf) groups, Democrats could help right-wing zealots achieve their goal: mass censorship of online content about abortion.
## Identity not SSI
* [Fixing Web Login](https://www.windley.com/archives/2022/06/fixing_web_login.shtml) Phil Windley
Like the "close" buttons for elevator doors, "keep me logged in" options on web-site authentication screens feel more like a placebo than something that actually works. Getting rid of passwords will mean we need to authenticate less often, or maybe just don't mind as much when we do.
* [ADOPTING NEW TECH: HOW TO GIVE YOUR TEAM THE BEST CHANCES OF SUCCESS](https://www.theengineroom.org/adopting-new-tech-how-to-give-your-team-the-best-chances-of-success/) The Engine Room
From our past work in this area, we have seen that slow and steady wins the race: for new policies, practices, and technologies to become part of workflows, staff need to be able to learn how to use new tools and incorporate them into their daily work practices — and be supported in doing so.
* [WHAT WEVE LEARNED THROUGH OUR SUPPORT FOR ORGANISATIONS WORKING ON BUILDING DIGITAL COMMUNITIES](https://www.theengineroom.org/what-weve-learned-through-our-support-for-organisations-working-on-building-digital-communities/) The Engine Room
Maintaining an online community is a lot of work, in both the short term and the long term. It requires setting aside time, human resources and tech infrastructure to keep things running smoothly. Here are some questions and ideas that can help you assess what it may take to maintain the online community youre trying to build:
* [InfoCert, AUTHADA and Dr. Ing. Wandrei develop a new tool for QES in the circular economy](https://infocert.digital/infocert-authada-and-dr-ing-wandrei-develop-a-new-tool-for-qes-in-the-circular-economy/) Infocert
> signature can now be done on mobile devices such as smartphones and tablets with the new NSUITE.mobile product, with a consequent streamlining of the entire process.
- [InfoCert has been recognized Representative Vendor in Gartners Market Guide for Electronic Signature 2022](https://infocert.digital/infocert-has-been-recognized-representative-vendor-in-gartners-market-guide-for-electronic-signature-2022/)
- [GBG: The State of Digital Identity 2022](https://www.gbgplc.com/media/heqgqhur/gbg-state-of-digital-identity-2022.pdf)
- Security and satisfaction: Gaining from The Great Switch
- Digital identitys next step: Mobile and alternative data
- Identity fraud: Its a matter of when, not if
- Young adults: The biggest victims of identity fraud?
- Fraud and financial services
- Time to build trust in a digital world
* [Daon-Neustar Partnership Combines Voice Authentication With Phone Number Verification](https://findbiometrics.com/daon-neustar-partnership-voice-authentication-phone-number-verification-508261/)
Bad News
* [Widespread Okta phishing campaign impacts over 130 organizations](https://www.scmagazine.com/brief/identity-and-access/widespread-okta-phishing-campaign-impacts-over-130-organizations)
* [LastPass Reports a Breach: Identity News Digest](https://findbiometrics.com/lastpass-reports-a-breach-identity-news-digest-508262/)
* [Security pros say the cloud has increased the number of identities at their organizations](https://www.scmagazine.com/analysis/cloud-security/security-pros-say-the-cloud-has-increased-the-number-of-identities-at-their-organizations)
* [Experian Joins iProov and Deloitte in UKs Digital ID Program](https://mobileidworld.com/experian-joins-iproov-and-deloitte-in-uks-digital-id-program/)
* [Rohingya seek reparations from Facebook for role in massacre](https://apnews.com/article/technology-business-bangladesh-myanmar-c5af9acec46a3042beed7f5e1bc71b8a) APNews
The platform, Amnesty says, wasnt merely a passive site with insufficient content moderation. Instead, Metas algorithms “proactively amplified and promoted content” on Facebook, which incited violent hatred against the Rohingya beginning as early as 2012.
* [Call it data liberation day: Patients can now access all their health records digitally](https://www.statnews.com/2022/10/06/health-data-information-blocking-records/) Statnews
Under [federal rules](https://www.healthit.gov/buzz-blog/information-blocking/information-blocking-eight-regulatory-reminders-for-october-6th) taking effect Thursday, health care organizations must give patients unfettered access to their full health records in digital format. No more long delays. No more fax machines. No more exorbitant charges for printed pages.
## Known
* [Known](https://withknown.com/) has supported [Indieweb](https://indieweb.org/) standards since the beginning, but Fediverse has been notably missing. I think thats a big omission, but also not something Ive had bandwidth to fix.
* [Building ActivityPub into Known](https://werd.io/2021/building-activitypub-into-known) Ben Werdmüller
* [ActivityPub support · Issue #2615 · idno/known · GitHub](https://github.com/idno/known/issues/2615#issuecomment-991335313)
This issue now has a funding of 3004.5068 USD (3000.0 USD @ $1.0/USD) attached to it.