The 6th edition of the Internet Identity Workshop took place at the Computer History Museum in Mountain View, CA last week (May 12-14). The OASIS IDtrust member section was a co-sponsor, and for good reason: there was very strong interest in the OASIS XRI digital identifier and XRDS service discovery specifications (both undergoing voting as an OASIS Standard this month).

Read more

Bruce Schneier last month reported on the RSA Conference and how security exhibitors are complaining that visitors to their stands aren't buying much. 

In respect of selling security in general, he points out that people don't usually buy car safety components, and neither should they buy information security per se. I couldn't agree more -- I believe that security should be sold on a sort of wholesale basis.

Read more

Here's one of the most bizarre lines I've ever seen in biometrics and national security:

Fingerprints 'not particularly private,' security czar says
Edmonton Sun, Thu 10 April 2008
http://www.edmontonsun.com/News/Canada/2008/04/10/5244996-sun.html

Read more

We should be in the middle of a true paradigm shift, to a new worldview based on a plurality of identities. The Laws of Identity point with great clarity to the reality that we each lay claim to a suite of identities. My own work in PKI over the years (see e.g. Public Key Superstructure) has led to a firm belief in the usefulness of multiple digital certificates, mapping on to multiple real worl identities.

Read more