Vibro.NET
Scatter thoughts

All your tokens are belong to us - May 31, 2008
Kim just posted a great piece about "an account this week describing an attack on the use of CardSpace within Internet Explorer". I won't add anything, because his post is just perfect as it is: I strongly suggest you go read it in its entirety. Here is a quote: "Students at Ruhr Universitat Bochum in Germany have published an account this week describing an attack on the use of CardSpace within Internet Explorer. Their claim is to confirm the practicability of the attack by presenting a...
http://blogs.msdn.com/vbertocci/archive/2008/05/30/all-your-tokens-are-belong-to-us.aspx

The fedlet as an R-STS - May 21, 2008
I am horribly behind schedule with my blog, I still have to post a wrapup of IIW but didn't find the time so far; however I want to quickly comment on the recent coverage of the Fedlet (see Pat himself here and Paul here). I attended the nice IIW session during which Pat demonstrated the fedlet. I found it interesting and strangely familiar. At a certain point I could not help myself and asked: "Pat, just for the sake of expressing things in the terminology of a domain I am comfortable with:...
http://blogs.msdn.com/vbertocci/archive/2008/05/20/the-fedlet-as-an-r-sts.aspx

Claims propagation: Kirchhoff or maxflow - May 7, 2008
In the last week or so Paul Madsen made at least a couple of posts with strong visual components: one that resumed my old 2005 post on a notation for message crypto, the other on Feynman diagrams. Nice! Paul, when I am in that mood I find it especially pleasant to thumb through Tufte: I highly recommend it. Like Paul, in a former life I dealt with completely different stuff: I spent a few years on computational geometry first, and on scientific visualization later. I am absolutely in love with what..
http://blogs.msdn.com/vbertocci/archive/2008/05/07/claims-propagation-kirchhoff-or-maxflow...

Blogging software misfired... - May 6, 2008
...or I clicked "Publish" instead of "Save Draft". Anyway, the net result is that a post was erroneously published in draft format; since it was during the lunch break, it had the time to propagate and be reaggregated in a number of feeds. Luckily I didn't write anything especially bad, it's just that it was still very coarse, definitely unfinished and I changed my mind another 2 times on the subject before deciding to publish. Hence, FYI: in case you read a post from my feed...
http://blogs.msdn.com/vbertocci/archive/2008/05/05/blogging-software-misfired.aspx

Claim types: a coarse taxonomy - May 6, 2008
In short. I make some considerations about what kind of info ends up in a claim, and the things we expect will happen when that info is processed. I then describe what I call infrastructure claims, for the lack of a better term, and their role in authorization; and I introduce the R-STS arcology pattern, which still needs refinement but looks very promising. This is a brain dump, so it may not be as straightforward and refined as you'd like; as usual, don't forget the disclaimer :-) Different.
http://blogs.msdn.com/vbertocci/archive/2008/05/05/claim-types-a-coarse-taxonomy.aspx

Privacy & Money do not mix very well in Italy - May 2, 2008
Privacy is in the eye of the beholder. From time to time something happens that gives spectacular confirmation of that simple statement. Consider what happened in Italy just a few hours ago. "L'agenzia delle entrate", the Italian tax agency, published on their website all the tax declarations filed in Italy in 2006 (story in English here). It is my understanding that this is perfectly common practice in various countries, like some Scandinavian nations, but in Italy that gesture simply had no...
http://blogs.msdn.com/vbertocci/archive/2008/05/01/privacy-money-do-not-mix-very-well-in-i...