TheArchitect.co.uk - Jorgen Thelin's weblogThoughts and experiences from an enterprise software architect. This is a personal weblog by Jorgen Thelin, a Senior Program Manager for Windows Live Identity Services at Microsoft in Redmond. The opinions expressed here represent my own views and not those of my current, prior or future employer(s).Delivering Data Portability (Part 2) - Sharing Contacts Between Social Networks- March 25, 2008 Today sees another a huge step forward for the social networking world by enabling sharing of contacts and friends lists BETWEEN different social networks - yet in a safe and secure way that firmly gives users the choice of how to use and control their information. In a move that further demonstrates Microsoft's commitment to user-centric data portability, Microsoft has partnered with some of the world's top social networks to make data portability for contacts a reality. Earlier this month at..http://www.thearchitect.co.uk/weblog/archives/2008/03/000493.html First Law of Password Hygiene- March 16, 2008 Since moving to a team that handles the user accounts for everyone who uses any of Microsoft's web property, I've started to take a much more informed look at how I use my own account credentials and which web sites and applications I hand over those credentials to. Angus Logan posted a great summary of the way Microsoft and Windows Live handles credential capture, which is worth a detailed read by everyone: No Microsoft web site will ask you for your Live ID credentials except login.live.com...http://www.thearchitect.co.uk/weblog/archives/2008/03/000492.html 10 Immutable Laws of Security- March 11, 2008 After yesterday's net-buzz about a rogue mailbox archive application it's worth reminding ourselves about a classic security article: 10 Immutable Laws of Security Law 1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore Law 2: If a bad guy can alter the operating system on your computer, it's not your computer anymore Law 3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore Law 4: If you allow a bad...http://www.thearchitect.co.uk/weblog/archives/2008/03/000491.html The Need for Delegated Authentication- March 10, 2008 The net is abuzz today about a scam application that is stealing people's G-mail account credentials. Or rather, the app is mis-using those account credentials when people hand them over to the application. Sound familiar Yes, that's exactly the sort of issue that Windows Live ID Delegated Authentication is intending to combat. If I think about an archiver application for an online mailbox, then I would want to allow it to do this action on your behalf: Read a copy of each e-mail in your...http://www.thearchitect.co.uk/weblog/archives/2008/03/000490.html Windows Live ID at MIX08- March 8, 2008 After the announcement of the launch of the new Windows Live Platform enhancements, the new technology got lots of coverage in sessions at MIX08 last week. Here's the MIX08 presentation from Angus Logan covering the overall Windows Live Platform developer functionality, and heavily emphasizing lots of great Live ID technology. Windows Live ID Web Authentication is covered from 24:18 through 35:21 Windows Live ID Delegated Authentication is covered from 35:30 through 46:43 The 3D Virtual Earth...http://www.thearchitect.co.uk/weblog/archives/2008/03/000489.html |