A new service that informs executives about digital identity standards is a valuable resource. It helps executives understand when and how to assign resources to standards, ensuring critical use cases are met worldwide. Engineers and standards architects can either engage in or facilitate the process, not both. My service summarizes key developments, providing the necessary information for strategic decisions without overcommitting resources. Stay informed, save resources, and make strategic decisions that align with your business goals. If you are overwhelmed by Internet standards, this service is designed for you.
Preparing for the Quantum Shift in Cybersecurity
The internet's security relies on complex math, or cryptography. However, with quantum computers on the horizon, current encryption could become easily breakable. Post-quantum cryptography research is now focused on developing new, quantum-resistant methods. With the possibility of large-scale quantum computers within the next twenty years, organizations must prepare for the quantum apocalypse, where sensitive data could be exposed. It's crucial to anticipate the impact on security models and train workforces accordingly.
The EU Digital Identity Architecture Reference Framework – How to Get There From Here
The EU's Digital Identity Architecture Reference Framework (ARF) offers a starting point for digital wallets. It aims to support user control over personal data while meeting legal and cybersecurity requirements. But to get there from here, you need to know what you don't know: the functional and non-functional requirements, along with interfaces and integration points for digital identity wallets.
What is the W3C WICG Digital Identities Project?
In a digital age where the management of identity wallets and credentials is becoming increasingly complex, the W3C's Web Incubator Community Group (WICG) has initiated a pivotal work item called Digital Identities. As co-chair of the newly formed Federated Identity Working Group alongside Wendy Seltzer, I delve into why this project may (or may not!) soon find a permanent home within our group. This post explores the dance between digital identity, browser behavior, and the broader ecosystem, including privacy advocates and tech developers.
Privacy and Personalization on the Web: Striking the Balance
This is the transcript of my YouTube explainer video on why privacy and personalization are so hard to balance. Likes and subscriptions are always welcome!
The Evolving Landscape of Non-Human Identity
This blog entry explores the insane world of non-human identity, a subject as complicated as the world’s many cloud computing environments. My journey from the early days of digital identity management to the revelations at IETF 119 serves as the backdrop, and I share what I’m learning based on those experiences. The post zips through the labyrinth of authorization challenges that processes and APIs face, highlighting the contributions of DevOps and IT teams (but not so much IAM teams). I also introduce some of the efforts from IETF 119 aimed at standardizing the non-human identity space and urge you to broaden your horizons and deepen your comprehension of this evolving field. Ready to read more?
A Cookieless Horizon: Navigating Browser Changes
Browser vendors are replacing third-party cookies for authentication services on the web. Learn more about what that means in this latest transcript from my YouTube channel! The post elaborates on the W3C's role in standardizing web functionality, introduces the Federated Credential Manager (FedCM) as a privacy-enhancing API, and mentions other initiatives by major tech companies. Organizations need to be proactive in shaping the future of web privacy so we can collectively create a more secure and private web experience.
Understanding Browser Tracking & Logins: The Invisible Trail
Step into the arena where web tools double as privacy foes and friends. From cookies to link decorations, we unveil how tracking morphs under the web's surface. Discover the challenge browsers face in shielding you without stripping the web's soul. Excited for a cookieless future? We're laying the groundwork in our series' next chapter!
The Evolution of MFA: Beyond SMS and Email
Multi-factor authentication (MFA) has evolved since the 1980s and now requires two out of three options: something you have, are, or know. However, phishing poses a significant threat to MFA's security, emphasizing the need for better options. Biometrics, app-based authenticators, and FIDO-based authenticators offer more secure alternatives. FIDO2 stands out as it includes phishing resistance in its core design. Passkeys and strong MFA are essential for personal and organizational security. Users without MFA options should prioritize implementing a secure system. Ultimately, understanding the risks and choosing appropriate MFA is crucial for safeguarding data and systems.
Navigating the Passwordless Future: Enhancing Digital Security
Moving towards a passwordless future is crucial for cybersecurity. So many high-profile breaches highlight the vulnerability of relying on passwords. Embracing passkeys, digital credentials tied to user accounts and applications, offers a more secure and user-friendly alternative. Organizations should advocate for enhanced security, cost savings, and a smoother user experience. In the meantime, implementing multi-factor authentication (MFA) can mitigate risks associated with passwords. Transition strategies should involve pilot programs and user feedback. Despite the challenges, staying informed about emerging technologies and advocating for advanced security solutions will pave the way for a passwordless future.