
RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec]

From: Peter Williams <home_pw@msn.com>
Date: Thu, 3 Feb 2011 19:50:32 -0800
Message-ID: <SNT143-w478877BA576C36ABD4A0FE92E60@phx.gbl>
CC: <public-xg-webid@w3.org>

I only found one valuable link (I hope I don't offend the contributors by being this blunt). If I was a VC with 250k starter stakes and hearing any of those stories, 3 of them would be out of the door in 5m. The other might get a free lunch, to encourage him to broaden the pitch more.
> [1] http://www.rcis.aist.go.jp/special/MutualAuth/
very focussed engineering claims. Perfectly suited to IETF. One problem: do more protocol work to address phishing while doing client/server password challenges. But, it's essentially the topic area of: phishing passwords.

> [2] http://vsecurity.com/resources/tool
feels like the toolchain world for sysadmins
> [3] http://vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf
seems very classical stuff, most of it 10 years old for the most part. I have books from Garfinkel that talk about all the same stuff: architecture of classical web apps. seems to show only basic cognizance of websso (how SLO is hard..), and doesn't remark on the oauth-consent-privilege world for multi-site apps. The forms-based webauth is stuck in client-server pattern. I agree with the final part; the browser sucks at modern security UI, being stuck in the 90s. The problem is, it's perpetuating the browser-centric view of the world, instead of having embraced the shift that's happened as the web has actually adopted (non rdf) data-centric, and service-centric app building.

> [4] http://sentinelchicken.org/

were various OS-level tools. Didn't even approach the level of a classical Microsoft AppFramework (for config, for diagnostic management, for...)

• A Brief Analysis of ASP.NET Session Identifiers
• Forensic Analysis of Unallocated Space in Windows Registry Hive Files
• Recovering Deleted Data From the Windows Registry
• The Windows NT Registry File Format
• IPv6 Address Cookies
• ClamAV Code Audit Results

"research" topics are very "tactical".

Received on Friday, 4 February 2011 03:51:27 UTC
