Carrier IQ is a module installed on many mobile phones to return data back to the telco. Some people are up in arms that it is an invasion of privacy. A giant class-action suit has been filed, which if nothing else will make the lawyers rich when the deep-pocket telcos settle. The telcos say that this simply provides them data to tune the network and does not violate wiretapping laws. I would observe that the telcos already know every number you call or text, and the content of both those voice and text messages. That is why wire-tapping laws have been in place in every country in the world for many years. So the real question seems to me to be, did they violate any laws? There were several other items of interest to the identity community, including one on valuable identity (click more for the list and links):

  • Ustream: OpenID Summit Tokyo #2
    [Many of session videos feature English speakers.]
  • Interview with Michael Schwarz, Gluu
    [By Martin Kuppinger at the EIC 2011]
  • BrowserID this week: better, faster, more secure.
    “Today, we released an important set of new features for BrowserID. These features make BrowserID more useful, faster, and more secure. “
  • Microsoft privacy chief says U-Prove slow to move
    “Microsoft said its audacious cryptography based identity platform U-Prove had not gained much ground since it was acquired three years ago.”
  • Product Research Note: Axiomatics Policy Management Suite - 70293
    “Axiomatics has distinguished itself from other vendors in this space by focusing on a solution that consistently implements and complies with the XACML standard and is to-date the only vendor in the market fully supporting the XACML 2.0 and XACML 3.0 standards including all standard profiles. “
  • Eve Maler: OpenID Connect Heralds The "Identity Singularity"
    “Security professionals responsible for diverse types of access management across cloud services, devices, and populations have to pull off a neat trick: control access requests that routinely cross domain boundaries. Federated identity techniques such as web single sign-on help to solve these problems but require "extreme interoperability." To secure a full set of such scenarios today, security architects must often design Rube Goldberg-type devices that translate between standards optimized for subsets of needs, such as B2B (business-to-business) or B2C (business-to-consumer). The new suite of OpenID Connect and JavaScript Object Notation (JSON) Web Token specifications brings another round of standards disruption but also promises a no-compromises approach to highly distributed identity and access management (IAM).”
  • OpenID UX Summit - Lessons Learned from RPX
    “Relying Party UX Overview and Lessons Learned”
  • Community-powered support for OpenID Foundation
    [A GetSatisfaction powered forum for OpenID, by the OpenID Foundation.]
  • A SASL & GSS-API Mechanism for OpenID
    “OpenID has found its usage on the Internet for Web Single Sign-On. Simple Authentication and Security Layer (SASL) and the Generic Security Service Application Program Interface (GSS-API) are application frameworks to generalize authentication. This memo specifies a SASL and GSS-API mechanism for OpenID that allows the integration of existing OpenID Identity Providers with applications using SASL and GSS-API.”
  • Drupal: OpenID ICAM Extension
    “This module extends Drupal's core OpenID support to meet the requirements of the GSA/ICAM OpenID 2.0 Profile.”
  • Identity Management Workshop - ISGC 2012
    “This will be the 3rd in a series of workshops on federated Identity Systems for Scientific Collaborations. The first workshop was held at CERN in June 2011 and the second at RAL in November 2011. This third workshop will focus on interacting with the Asia Pacific community and finalising the contents of a paper that will present a common vision with set requirements and recommendations.”
  • European Identity Conference 2012
    “April 17 – 20, 2012 - Dolce Ballhausforum, Munich/Unterschleißheim, Germany”


* Required Fields