My favorite tech commentator is Randall Munroe, who draws the beloved Web comic xkcd. Recently Instagram (a part of Facebook) unilaterally changed its rules to allow it to use your photos to sell to your friends. Of course, the standard click-through contract of adhesion allowed it to do this. Interestingly, there was outrage on the part of users, loud enough to get Instagram to back down.

Although this was a light week, there were a few other items of interest to the identity community:


  • Gemalto: Year End Wrap-Up: Our Favorite Digital Security Moments from 2012
    “4. Strong Identities Coming to Cyberspace. The National Strategy for Trusted Identities in Cyberspace (NSTIC) moved forward, awarding pilots to help create a trusted online identity ecosystem. We’re proud to have Gemalto’s Neville Pattinson play a big role in the initiative, serving on the Identity Ecosystem Steering Group.”


  • Christopher Elisan: The Evolution of Malware Encryption Part I: Basic Malware Encryption
    “Malware’s main weakness is its source code. If the source code is revealed through decompiling or disassembling, anything about the malware is laid bare. Its darkest secret becomes exposed and solving it becomes much easier. This is why protecting the source code is one of malware’s important directives, especially if it is designed for persistence.”
  • Nat Sakimura: Re: Limitations of the OAuth 2.0 definition of “Client”
    “The essence of the entry is that the definition of “client” in OAuth 2.0 (RFC6749) is too limiting and does not fit with many current uses of the specification.”
  • Bob Griffin: Re-invigorating the PKCS #11 Standard
    “OASIS and RSA will shortly be announcing a new technical committee, called “PKCS 11 Technical Committee”, that will address requirements for enhancements to PKCS #11. These requirements include new mechanisms for instrumentation of the PKCS #11 application programming interface and other new PKCS #11 functionality, such as support of integration with other standards, particularly OASIS KMIP. The committee will also engage in activities that support effective and interoperable implementation of PKCS #11, such as developing guidance on the use of PKCS #11, supporting interoperability testing and coordination of reference implementations.”


  • 3Scale: Top 10 API Blog Posts 2012
    “APIs have come more and more to the forefront of tech-thinking in 2012 and the year has seen some great thinking about API trends and the Web more generally. As an end-of-year muse we’ve collected our favorite posts for your year-end reading list. Here they are, in no particular order!”

Cloud Computing

  • Phil Windley: Programming the Cloud With Persistent Data Objects
    “KRL is a language that is designed to help programmers build and understand distributed, persistent data objects (PDO) that live in the cloud and interact, primarily, through events. Collections of these PDOs form what I’ve frequently referred to as a personal cloud. I borrowed the term “persistent data object” from the book Trillions: Thriving in the Emerging Information Ecology by Lucas, Ballay, and McManus. The term seems to describe a KRL ruleset perfectly.”


  • GlobalPlatform updates security certification for secure mobile apps
    “First released in 2011, the Composition Model defines a simple certification approach for the security of secure element (SE) products carrying sensitive or basic applications as well as simplifies post-issuance application management. The latest enhancements to the model will be of particular interest to mobile application and product issuers like mobile network operators (MNOs) and financial institutions.”

