Standards
Talk about standards and what new ones are coming

 



















 

 

  Wednesday, February 7, 2007


Microsoft Pledges Support for OpenID. Microsoft throws its weight behind OpenID, an emerging Web authentication standard. [PC World: Latest Technology News]
1:55:39 PM    

Microsoft to Support OpenID.

SAN FRANCISCO: Microsoft Chairman Bill Gates today said his company would throw its support behind "OpenID," an open-source, distributed identity management system that seeks to give computer users a more secure way to manage their online credentials.

"Everywhere you go on the Web there are issues about reputation and trust," Gates said in the keynote address this morning here at the RSA Security conference. "Some blog environments want anonymous people to [be able to] say anything, and in other environments, they want you to represent some credentials about who you are. And that's just not going to scale with the kind of password thing we have today."

In a (very simplified) example, OpenID works like this: The key to your online identity is a Web address, such as http://myblog.someplace.com. You pick one of several OpenID providers -- such as Vox, OpenID, Verisign or LiveJournal (OpenID is the brainchild of LiveJournal founder Brad Fitzpatrick) -- to be the trusted host for your identity credentials. When you visit a site that has implemented OpenID, you're asked to enter your personal Web address, which you've configured to query your identity credentials stored at your chosen OpenID provider, which in turn will ask you to log in using whatever credentials it requires. These couple of blogs have more coherent and complete explanations of how OpenID is supposed to work.

OpenID is most often cited as a way to help Internet users navigate the zillions of blogs and other Web 2.0 applications that require users to sign up and manage different usernames and passwords. Some advocates say it also has the potential to help users guard against phishing scams and related forms of online fraud, but others say the whole system is likely to be a boon for phishers and online scam artists everywhere.

Gates said Microsoft would support OpenID 2.0 in conjunction with CardSpace, a feature similar in nature to OpenID that is built in to Windows Vista. CardSpace seeks to make managing digital identities easier and safer by replacing usernames and passwords as the means of identifying oneself on the Web.

Microsoft's acceptance of an open standard is being cautiously praised by many technologists in the blogosphere, who see the software giant's participation as key to fixing the more complex problems with online identity management and authentication. Microsoft has tried to control the online ID space in the past with programs like MSN Passport, which largely failed to gain traction beyond Microsoft's own online properties. Single sign-on programs also have been touted by Yahoo! and Google.

Bruce Schneier, a cryptography expert and chief technology officer for online security provider BT Counterpane, greeted Microsoft's announcement with reservation, saying Microsoft has a long history of "supporting and then co-opting" open standards.

"They tried to get their own system working, and I think it's telling that they are now supporting an open system," said Schneier, who's giving a talk at RSA later today on what he calls "the psychology of security."

"In some ways it's worrisome, but I'm reasonably confident in the Web 2.0 world that the distributed control of OpenID is strong enough, that it's not Microsoft-driven," he said.

[Security Fix]
1:51:02 PM    

Senators Introduce Strong Data Breach Bill. Senators Patrick Leahy (D-Vt.) and Arlen Specter (R-Pa.) today introduced legislation to protect consumers when their personal privacy is compromised by data breaches. First introduced in 2005, the Personal Data Privacy and Security Act is one of the stronger data-breach proposals that have been proposed in Congress. CDT is particularly supportive of a provision in the measure that strengthens oversight of the government's use of commercial databases to collect information about citizens. CDT supports federal data breach legislation so long as it improves on existing protections and does not undermine the strong protections already established by the states. [Center for Democracy and Technology]
1:48:40 PM    

Hollywood on the Hill: Time to Bury the Broadcast Flag?

Hollywood is in full force today on Capitol Hill, hosting "The Business of Show Business Industry Symposium" (pdf) with stars such as Sex, Lies & Videotape director Steven Soderbergh and An Officer and a Gentleman director Taylor Hackford talking about how central copyright is to the business of movie making.

We don't disagree with that notion of course, but what we don't usually agree with Hollywood about is the means by, and the degree to which, government should protect those copyrights. Over the past 5 years, Hollywood and the recording industry have pushed numerous proposals in Congress, and they have tended to fall into several categories: 1) government technology mandates like the broadcast flag; 2) expanding secondary copyright liability (like the "Induce Act"); 3) expanding the permissions culture (e.g., licensing temporary or buffer copies); and 4) increasing punishment for copyright infringement that falls just short of death by hanging. The good news is that most of these efforts have failed. The bad news is that with a Democratic-controlled Congress and one year until a Presidential election, you can bet your mortgage that they will be pushing these, and other initiatives, hard in 2007.

But as time goes on and the public's (and the content industry's) use of technology and digital media change, it makes it harder and harder to make the case for these proposals. Take, for example, our favorite technology mandate, the broadcast flag. For those newcomers to this blog, the FCC's 2003 broadcast flag rules would have given the government the power to dictate technological design, and as a result, limit lawful uses of digital technology. The rules would have required FCC pre-approval for every technology that could demodulate a digital TV signal, as well as for those technologies (like Digital Video Recorders or even cellphones) that are "downstream" from digital TV devices. Public Knowledge brought a court challenge on behalf of it and eight other public interest, library and cyberliberties organizations, and in May 2005 a federal appeals court struck down the rules. Hollywood has been trying to get Congress to reinstate it ever since.

Even assuming that there was ever a rationale for the broadcast flag, does it exist anymore? And would such a rule even be in the best interests of the content industries? Let's take a look:


[Public Knowledge - Policy Blog]
1:43:44 PM    


© Copyright 2007 Paul Hardwick.
Last update: 3/4/07; 11:15:19 AM.
