Thursday, January 07, 2010
Google, OpenID and Chris Messina
Today's announcement that Chris Messina is joining Google is certainly good for Chris, probably good for Google - but what about the OpenID Foundation?
As of today, Google has 3 members of the Board of Directors: their corporate rep (Eric Sachs), and "community" reps Messina and Joseph Smarr. That's 3 out of the 19 board members.
I should note that Yahoo has two members, a corporate one (Raj Mata) and a community one (Allen Tom), as does Microsoft (Mike Jones and Dick Hardt).
I do think that any corporate member should be prohibited from also having employees hold community seats. Not that I have any indications that Messrs. Messina, Smarr, Hardt or Tom would vote against their own principles, but people's principles are influenced by those of the culture in which they perform their daily employment tasks.
Over and above that consideration, though, should be the desire to avoid even the appearance of a conflict of interest.
Maybe it's time the Foundation adopted a rule prohibiting such perceived conflict.
Sunday, September 21, 2008
Makes me look nice...
The Register's Ted Dziuba makes me look like a group-hugging flower-child with his latest story ("OpenSocial, OpenID, and Google Gears: Three technologies for history's dustbin"):
"What about OpenID, the best damned federated authentication scheme the world has ever seen, but nobody in the world can figure out how to use?"
or
"This situation gets really dangerous when you start to involve people from San Francisco. Every person who lives in San Francisco has the intention of starting a nonprofit organization of some sort. Therefore, if you collect a bunch of Web 2.0 engineers in San Francisco, the inevitable outcome is the OpenSocial Foundation: a nonprofit organization that only exists to support an API for programming social network applications."
Peace and love, children.
Monday, September 15, 2008
Google-oops
A big tip o' the hat to Kim Cameron who today points out a security white paper from US-CERT describing an incredibly bad - and incredibly naive - security vulnerability in Google's SSO implementation.
The kicker isn't that there is a vulnerability, but, as Kim says, "the surprising fact is that the errors made are incredibly basic."
The Google wunderkind evidently ignored major parts of the SAML spec (while claiming to be SAML compliant) leaving the SSO completely open to the most basic insider attack. More incredibly, they extended this vulnerability to third parties so that their insiders could get in on the attack!
Google just turned ten, but its thinking is more like that of a 17-year-old, one who knows what they want to do and can't be bothered to cross all the t's and dot all the i's in their headlong rush for personal fulfillment. They also think they'll live forever, and that they discovered sex (drugs, rock & roll, whatever). It's a very dangerous age but - if they survive it - they may go on to do great things. My hope is that the rest of us survive it, also.
© 2003-2006 The Virtual Quill, All Rights Reserved