Managing OAuth Risks in Mobile Applications
When, not if, endpoints get compromised, OAuth tokens and other credentials become collateral damage. That means cyber-attackers may also compromise any resources available through OAuth 2.0, such as accounts at sites accessed through some social login systems or (potentially) HIPAA-protected…
Social Networks About to Get Creepier
Welcome to the brave new world of creepy social networks. Facebook and Google want your real data. They want to lock you into their social login and social/mobile payment systems. They, or their partners, want to spy on our behavior,…
UCID Live Conference Review: Herding Cats over Iron Bridges at IDESG
Peter Brown, Chair of the U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC) Identity Ecosystem Steering Group (IDESG) Management Council, delivered the User-Centric Identity (UCID) Live Conference keynote last Tuesday in Washington, DC. In this role, he was standing…
Proposed OAuth 2.0 Assurance Session at IIW
As the morning dawns on the Mountain View Computer History Museum in California, the Internet Identity Workshop (IIW) will begin and I’ll propose an “unconference” session on OAuth assurance. As some of you know and others may see from the…
Transitive Liability: Balancing HIPAA and Meaningful Use
Just recently, the U.S. Health Information Portability and Accountability Act (HIPAA) grew sharper teeth and a longer arm. In January 2013, the Health and Human Services (HHS) department published what is referred to as the Omnibus Rule, reinterpreting the Act.…