Subscribe
Subscribe to our blog's RSS feed.
NSF Funding
CONNECT Springboard
Author Archives: Francisco Corella
One-Click OpenID: A Solution to the NASCAR Problem
OpenID allows the user to choose any identity provider, even one that the relying party has never heard of. This freedom of choice is, in my opinion, the most valuable feature of OpenID. Unfortunately, this feature comes with a difficult … Continue reading
OpenID Providers Invited to Join in an NSTIC Pilot Proposal
NSTIC has announced funding for pilot projects. Preliminary proposals are due by March 7 and full proposals by April 23. There will be a proposer’s conference on February 15, which will be webcast live. We are planning to submit a … Continue reading
After CardSpace, Microsoft Calls for Research on Passwords
In February 2011 Microsoft discontinued CardSpace, a Windows application for federated login that was the deployment vehicle for the U-Prove privacy-enhancing Web authentication technology, which itself is said to have inspired the NSTIC initiative. Cormac Herley, a Microsoft researcher, and … Continue reading
Credential Sharing: A Pitfall of Anonymous Credentials
There is an inherent problem with anonymous credentials such as those provided by Idemix or U-Prove: if it is not possible to tell who is presenting a credential, the legitimate owner of a credential may be willing to lend it … Continue reading
Trip Report: Meeting on Privacy-Enhancing Cryptography at NIST
Last week I participated in the Meeting on Privacy-Enhancing Cryptography at NIST. The meeting was organized by Rene Peralta, who brought together a diverse international group of cryptographers and privacy stakeholders. The agenda is online with links to the workshop … Continue reading
Do-Not-Track and Third-Party Login
Recently the World Wide Web Consortium (W3C) launched a Tracking Protection Working Group, following several recent proposals for Do-Not-Track mechanisms, and more specifically in response to a W3C-member submission by Microsoft. A useful list of links to proposals and discussions … Continue reading
Benefits of TLS for Issuing and Presenting Cryptographic Credentials
In comments on the previous post at the Identity Commons mailing list and comments at the session on deployment and usability of cryptographic credentials at the Internet Identity Workshop, people have questioned the advantages of running cryptographic protocols for issuing … Continue reading
Deployment and Usability of Cryptographic Credentials
This is the fourth and last of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. Experience has shown that it is difficult to deploy cryptographic credentials on the Web and have them … Continue reading
Are Privacy-Enhancing Technologies Really Needed for NSTIC?
This is the third of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. In the first two posts we’ve looked at two, or rather three, privacy-enhancing authentication technologies: U-Prove, Idemix, and the … Continue reading
Pros and Cons of Idemix for NSTIC
This is the second of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. In the previous post I discussed the pros and cons of U-Prove , so naturally I should now discuss … Continue reading