New: “Identity Assurance Means Never Having To Say ‘Who Are You, Again?’”

Does having published my first Forrester research report and done my first quarterly teleconference mean I’ve made my analyst bones? Hmm. You can read about my identity assurance coverage here. (Regular readers may recall that I wrote about identity assurance on Pushing String last fall, batting around ideas with Paul Madsen and others.)

Baseline health and Paleo 2.0

With Gary Taubes blogging and the extended low-carb/paleo community hopping, I feel less of that ol’ carbgrrl blogging pull, but I follow all the goings-on with keen interest.

One recent post over on Hyperlipid analyzes fasting insulin and — get this — accidental weight loss among the obese. Here are some excerpts that may be mind-blowing to the nutritionally uninitiated:

[O]ut of only five subjects, one obese person became a food refusenick. Various studies have had similar compliance problems, with […]

New: “CardSpace Is Dead. Long Live Back-Channel Access.”

I’ve got a new post up on my Forrester blog, commenting on CardSpace and the important trends to pay attention to at this juncture. […]

The most productive thing possible

With a schedule that’s suddenly become insane, I keep thinking about this poster I found a few years ago. Kidding — or serious?

I know. Maybe Kitty’s datebook could help! […]

New: “OpenID, Successful Failures And New Federated Identity Options”

Though there’s still a creepy fuzzy anonymous head where my picture is supposed to be, I’ve got my first post up on the Forrester Research Security & Risk blog. It discusses the recent 37signals decision to stop using OpenID and the larger “button-based login” environment in which OpenID can be considered a positive influence. As a bonus, it provides a new Venn diagram comparing features of OpenID + attribute exchange, the SAML web browser SSO profile, and OAuth + “connect”-style […]

Ch-ch-ch-ch-changes

I’ve just made a big change, joining Forrester Research as a Principal Analyst, and this new adventure is sure to be exciting. It’s an honor to join this stellar organization and work with so many talented folks. I’ll be serving security and risk professionals and will focus primarily on identity and access management, so this move feels like a natural outgrowth of work I’ve been involved in for more than ten years now.

My tenure at PayPal was a great […]

Seeking escape velocity from nutritional Bizarro World

The new book from (The Great) Gary Taubes is finally out: Why We Get Fat: And What to Do About It.

Taubes is obviously a man on a mission, nearly bursting with frustration at the anti-scientific and near-religious wishful thinking that has been passing for diet, nutrition, and public health advice for the last few decades. Near-religious? Yes — really. Why else would we be told this by “experts” for so long, even though their theories can readily be […]

Talking about security that “assumes DNS holds”

In discussions of economics, a predictive statement is often accompanied by the qualifier ceteris paribus, or, roughly, “other things being equal”, in order to compare apples fairly to apples. In discussions of Internet security, more and more I hear, and have occasion to use, a qualifier like “assuming DNS holds”. For a while, I used a stock formulation that went like “assuming DNSSEC or no cache poisoning”.

An awful lot rides on getting to the domain you think you’re […]

Wishing you a happy, healthy, user-managed new year

UMA Christmas tree 2010

Thanks to Domenico Catalano (@DomCat) for putting together this lovely and geeky holiday message! And thanks to all the UMAnitarians for their contributions of passion, business problem-solving, and technical know-how to the User-Managed Access work.

The end of 2010 has brought new progress on several fronts. The UMA-friendly Java-based OAuth leeloo implementation was released as open source; we’ve begun solving some hard problems in defining interoperable interfaces between OAuth authorization servers and resource servers; we’ve been teasing out […]

The price for free online service, down to the last decimal

I’ve been thinking lately that websites should display a pie chart showing what you’re really paying for “free” online services, just to show that it really does always add up to 100%. Something like this:

Price for Using Our 'Free' Service

Now Drummond points us to the world’s first truly honest privacy policy. A taste:

Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks […]