Johannes Ernst’s Blog

OpenID et al Security Economics

Steven J. Murdoch and Ross Anderson, in the very worthwhile “Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication”, assert:

While other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology they got the economics wrong…

To which I can only respond: “you wish. We don’t have any security economics! Not even the wrong ones.”

In the past, every time I brought up this issue in the OpenID community, I got nowhere. (The Information card community has slightly better ones due to the possibility of branding, but it has bigger problems to worry about right now.) But perhaps it is time to try again …

iPad: Under- or Overwhelming?

A lot of techies seem underwhelmed by yesterday’s iPad announcement. But Kevin Marks has a good pro-iPad point of view. I have another one to add:

Yep, we have seen all the pieces that make up the iPad: unibody, touch screen, WiFi, 3G, flash, big button in front, dock, … So technologically, it’s indeed a “yawn”. But this ignores the market innovation that it enables, which is the opposite of a yawn.

Just two examples:

  • in healthcare, I can totally imagine hospitals putting up a stand+keyboard for the iPad in every treatment room, and the doctors and nurses carrying iPads. When they enter the room, they put the iPad on the stand, initially switched off, and figure out what’s wrong with you. Then, they can immediately enter what they need to into their medical records system.
    This is the first device for which this has ever been true! It can be carried, it wirelessly connects, it has the battery life, and it is big enough you can actually see something. The iPhone was the closest before, but the iPad nails it. That’s not just a billion-dollar market for Apple, but there is a very good chance we’ll all end up healthier!
  • in education, it’s the device that could make printed textbooks obsolete. At $499 plus volume discount, that might even save the school districts money! And imagine what a textbook could turn into if you carried it around like an iPad with WiFi and high-end graphics available.

It’s very impressive that Apple manages to innovate technologically and market-wise in the same company. Any other company that knows how to do that?

A Human Right To Connect On The Internet: Wow

Sounds like the Obama government is picking up the cause of what Nick and I called the Digital Deal. Amazing! This is powerful stuff, coming not from some fringe group but from the US Secretary of State Hillary Clinton.

Here are quotes from her speech today:

Franklin Roosevelt … delivered his Four Freedoms speech in 1941 …. principles adopted as a cornerstone of the Universal Declaration of Human Rights…

The final freedom, one that was probably inherent in what both President and Mrs. Roosevelt thought about and wrote about all those years ago, is one that flows from the four I’ve already mentioned: the freedom to connect – the idea that governments should not prevent people from connecting to the internet, to websites, or to each other. The freedom to connect is like the freedom of assembly, only in cyberspace. It allows individuals to get online, come together, and hopefully cooperate.

This is exactly how I would have put it. It’s assembly, just on a different type of town square, and just as important as the other fundamental human rights.

It’s smart that she frames it as something that “flows from” rights more countries have already signed up to than are now comfortable with them.

She continued:

The United States is committed to devoting the diplomatic, economic, and technological resources necessary to advance these freedoms…

We’re including internet freedom as a component in the first resolution we introduced after returning to the United Nations Human Rights Council…

We are providing funds to groups around the world to make sure that [new tools that enable citizens to exercise their rights of free expression by circumventing politically motivated censorship] get to the people who need them in local languages, and with the training they need to access the internet safely…

Now, ultimately, this issue … [is] … about whether we live on a planet with one internet, one global community, and a common body of knowledge that benefits and unites us all, or a fragmented planet in which access to information and opportunity is dependent on where you live and the whims of censors.

… Historically, asymmetrical access to information is one of the leading causes of interstate conflict. When we face serious disputes or dangerous incidents, it’s critical that people on both sides of the problem have access to the same set of facts and opinions.

For companies, this issue is about more than claiming the moral high ground. It really comes down to the trust between firms and their customers. Consumers everywhere want to have confidence that the internet companies they rely on will provide comprehensive search results and act as responsible stewards of their own personal information. Firms that earn that confidence of those countries and basically provide that kind of service will prosper in the global marketplace. I really believe that those who lose that confidence of their customers will eventually lose customers…

This is exactly how I put it over at Upon 2020 when discussing Google’s China move a few days ago. 10 years ago, it wouldn’t have mattered. 10 years in the future it will be decisive in the marketplace. These are the early rumblings. Mark my words.

And censorship should not be in any way accepted by any company from anywhere. And in America, American companies need to make a principled stand. This needs to be part of our national brand. I’m confident that consumers worldwide will reward companies that follow those principles…

We cannot stand by while people are separated from the human family by walls of censorship. And we cannot be silent about these issues simply because we cannot hear the cries.

There is of course always the issue of how sausage is made, in international politics even more so than domestically. But it’s a good start, certainly better than I would have dreamed.

P.S. Spot the worst offender in this list from her today: “Violent extremists, criminal cartels, sexual predators, and authoritarian governments…” ;-)

OpenID Connect? Messina vs. Obasanjo

Chris Messina thinks the OpenID brand should come to mean a package of a number of related “Open Stack” technologies, called OpenID Connect, and start to compete with Facebook Connect.

Dare Obasanjo disagrees: he thinks we would only need an OpenID Connect if there were multiple incompatible implementations of Facebook Connect-like products from multiple players, so that best practice could be standardized.

Who is right?

Both, I think. They represent two different points of view, and I sympathize with both. I like the first better, but the second one might be more realistic. I only realized this a few months ago, so this is as good a time as any to attempt to explain it:

First I have to make a detour: OpenID (and related “Open Stack” technologies) are fundamentally interoperability standards. If I have a website and you have a website, OpenID enables our mutual customers to do something interesting by “connecting” some pieces of my website to your website. Take authentication performed on my website to your website, for example. Move data, etc. It’s important to realize OpenID doesn’t do anything that can’t be done already by a site by itself, or within a tightly coupled federation of sites. Instead, OpenID is about interoperability between sites managed by different entities that only agree on the OpenID interoperability specification.

How do successful interoperability standards come into being, and how do they continue to evolve?

I’m not a technology historian, but it appears to me that they usually emerge after several companies have implemented similar, proprietary ways of interoperating, and the potential adopters of those proprietary specifications revolted, saying something to the effect of “we can’t afford implementing half a dozen different ways of interoperating with you guys, we need to have one way for the whole industry.”

I think that is essentially Dare’s point. He’s asking where everybody else’s (MySpace, Google, etc.) products are that are like Facebook Connect, and finds very little. His conclusion: this is not the right time for an OpenID Connect.

Chris’ point comes from a different perspective, which is: let’s make the web a better place, and collaboratively design a set of new capabilities that help us all. I understand that perspective very well, because I, like many others, have been preaching it ever since I got into the digital identity business in the first place. The trouble is: it’s like molasses, and nothing much ever happens. So far, that has been true of an OpenID Connect, too, which people like Chris and myself have been asking for for at least a year or more.

I wonder what the newly expanded board of the OpenID Foundation thinks of it. There are enough new faces, in particular from non-technology-platform companies on it that the dynamics may be different. Looking forward to seeing what comes to pass or does not.

Smart Meter Security?

Seems PG&E is installing smart meters for electricity and gas in our neighborhood. They use some kind of mesh networking.

Anybody know how they might be secured?
