![[RSS]](images/icons/feed-icon-16x16.png){kind=icon}
Sxip News RSSArchives 2007 - Quarter 4
OpenID 2.0 Finalized: User Centric Identity For Christmas
5 December, 2007 - 3:10pm
The internet community got an early Christmas present this morning, after more than 18 months of work the OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0 were released today as final specifications (”OpenID 2.0") at the Internet Identity Workshop. Kudos to David Recordon, Josh Hoyt, and Sxip's Dick Hardt (three of the authors and editors)! There are already several open source libraries shipping these specifications with product support including Drupal and Google’s Blogger (via Sxip’s library). Multiple OpenID Providers including Sxipper also already have support for both of these specifications. Additional security extensions for phishing-resistant authentication are also available with PAPE. The finalization of the specs brings us one step closer to our Identity 2.0 vision of enabling individuals to create and manage their online digital identities. Find out more on OpenID.net.
Gartner: Phishing Attacks are Targeting SaaS Applications
4 December, 2007 - 4:54pm
Gartner has just published new research with similar findings to Sxip's Security Bulletin stating, "Targeted phishing attacks will increasingly focus on software-as-a-service (SaaS) offerings that store large quantities of customer and business information" and that "users still are falling for phishing attacks, and the most dangerous of these are focusing on high value targets, like sales force automation and CRM systems." They recommend strong enterprise security programs for SaaS providers. We agree, however we suggest more advanced measures with no web form login by users, such as authentication with emerging Single Sign-On technologies like Information Cards, to substantially reduce the the phishing risk.
CRM Phishing - Brand Theft
30 November, 2007 - 2:51pm
Sxip's founder & CEO, Dick Hardt, has just published on his Identity 2.0 blog a posting on a disturbing new trend concerning enterprise phishing and on-demand applications. He notes, "Previously considered a threat for consumers, phishers are now targeting an enterprise’s customer list and using it to launch attacks against the enterprise customer - exploiting the enterprise brand." The effect this has on the compromised brands alone, (aside from the data and financial losses), is cause for concern -- as cited in a survey published earlier this week that found public confidence in consumer brands is dramatically affected by phishing attacks. Fortunately new phishing-resistant security measures can be undertaken using user-centric technologies such as Information Cards. Read our new Security Bulletin (pdf) to find out more, or join us as IIW next week, where this will be a topic for discussion.
Trust, Identity & Accountability On the Internet?
29 November, 2007 - 10:48am
A persistent reputation and accountability -- is it possible to have this online? Sxip's founder & CEO Dick Hardt will discuss this in a new version of his infamously rapid fire Identity 2.0 talk at the Internet Identity Workshop next week. He'll be speaking on trust and how user-centric technologies like OpenID, are necessary to bind identity to past behaviors to create an online world that is accountable, trustworthy and safe, and with users in control of their digital identity. The talk is Monday afternoon at the Computer History Museum in Mountain View. Hope to see you there!
SaaS Under Attack: Phishing for Your Customers
28 November, 2007 - 11:45am
The rise in enterprise on-demand application deployments has become a new and attractive target for phishers. As recently covered by CNET, Washington Post, eWeek and many others; phishers are employing multi-phased attacks that acquire enterprise customer contact data in order to launch further sophisticated assaults that exploit the trusted relationship between the enterprise and their customers. Thus, if you're using popular software-as-a-service (SaaS) applications for corporate email such as Google Apps, or for CRM such as Salesforce, you may be a target. Download our security bulletin (pdf) to gain a better understanding of the risks and the appropriateness of additional security measures.
Sxipper at Launch Party with a Twiist
21 November, 2007 - 6:17pm
Be among the first to see the latest release of Sxipper with his new privacy and security bells and whistles. We're demoing Sxipper at LAUNCH Party next month. Organized by the Valley's Twiistup and several Vancouver entrepreneurs, the event features local new media companies strutting their stuff and sharing their ideas with the community. Hope to see you at this fun-filled tech mixer on December 5!
Sxip on citizen-centric identity: IT Conversations podcast
19 November, 2007 - 12:57pm
Sxip's founder & CEO Dick Hardt recently had an in-depth discussion with Jon Udell of IT Conversations' Interviews with Innovators covering a host of digital identity issues including: the BC government's citizen-centric identity initiative, PKI, trust, privacy, biometrics, RFID, and more... Download this informative 45 minute technical overview of the Identity 2.0 vision and discover how phones will become the identity agents of the future.
Yahoo videocast on user-centric identity, Perl & Sxip
14 November, 2007 - 12:54pm
This 15 minute videocast with Sxip's founder and CEO and Yahoo Developer Network's Jeremy Zawodny at Defrag covers a lot of ground from Dick's open source roots to advocacy of user-centric identity. They discuss Dick's innovations over the past decade from leading the port of Perl to Windows in the mid-1990s with Microsoft, to being the first to build on the Mozilla platform with the Komodo IDE at ActiveState, to the creation of Identity 2.0 at Sxip. They concur on the state of user-centric identity being very much like the early days of the web (at the edge) with consumers just starting to become educated about the digital identity problem and solutions such as OpenID and CardSpace.
Defragging Identity 2.0
6 November, 2007 - 5:39pm
Our founder & CEO's latest Identity 2.0 keynote has generated some great comments regarding identity, trust, accountability and user-control on the web. Phil Windley of IT Conversations states, "much of what's he's saying is right in line with the reputation work my students and I have been working on. He makes a critical link to identity: identifiers bind personas together to increase trust." Dan Farber of CNET remarked, "His main thesis is that solutions, like OpenID, are necessary to “defrag” identity and bind it to past behaviors to create a world that is accountable, trustworthy and safe, and with users in control in a granular way of their online presence. Dick said the video would be available in a few weeks. Don't miss it." You bet! We'll post it as quickly as possible...
SSO to SuccessFactors Now Possible with Sxip Access
26 October, 2007 - 11:32am
Sxip Access now provides single sign-on and centralized user management for SuccessFactors in addition to other popular software-as-a-service applications such as Google Apps and Salesforce. This past summer, Sxip enabled a major North American energy producer with over 6000 employees to have secure and easy authentication for their users to SuccessFactors with our Virtual Appliances. Sxip Access was chosen over Microsoft ADFS, CA SiteMinder and RSA Federated Identity Manager as the only solution able to deliver a simple and proven identity management product for on-demand applications. Read more in our new SuccessFactors case study.
The Future of Facebook: Portable Social Networks
19 October, 2007 - 11:37am
Interested in seeing a more user-centric approach towards the identity data that Facebook stores? Could Facebook be the next killer app on the web if they were more than only somewhat open? Join us at the Facebook Developer Garage next week here in Vancouver. Our lead OpenID developer, Johnny Bufu will be on a panel with Boris Mann and others discussing how the extensions and protocols built around OpenID such as the attribute exchange in OpenID 2.0, can help with specific problems of data portability and user control that need to be solved by the social networks.
Identity 2.0 & Social Networks at PICNIC
11 October, 2007 - 2:00pm
Looking for some good videos on user-centric identity? Check out this "home movie style" video shot by Gabe McIntyre at the PICNIC conference last month in Amsterdam. The video is a panel on Portable Social Networks with discussion from the heads of Twitter, Jaiku, PeopleAggregator, Sxip, Hyves.nl, LinkedIn, XING and many others. They explore OpenID, user-centric identity, the problem of closed data silos and social media, how to lower the friction to participation on the web, Sxipper, and much much more. It's a bit long, but very informative. There's also a new iteration of Dick's infamous presentation (starts at 11 minute point). Catch up on the latest in Identity 2.0!
Identity 2.0 & Microsoft Developers
9 October, 2007 - 5:29pm
Join Sxip's founder & CEO Dick Hardt for a 30 minute podcast interview on digital identity with Microsoft's John Bristowe on the MSDN Developer Connection. Learn how user-centric identity enables developers in building Web 2.0 apps, improving conversions, limiting spam, and more! They also discuss the benefits of Identity 2.0 technologies such as OpenID, CardSpace, and Sxipper.