I generally have two separate logins for any system on which I serve as administrator: one for routine activities (writing and editing posts) that has minimal author rights and another that has full administrative rights.

In any case, I have already hand-built some OpenID redirection pages that do what I need, so I probably won’t use the redirection features.

Regarding WordPress as an OpenID provider - there is definitely a use case for it. When I was first playing with OpenID I wanted to be my own provider if only to try to minimize the parts I was using. I’d just hate to have someone use this to authenticate their bank account.

- I’ve not tested SSL specifically in the new release, but I’m using FORCE_SSL_LOGIN with it successfully, so it appears to be working. I’ll make sure and test FORCE_SSL_ADMIN as well.

- I didn’t create the “/author/” convention, that’s built in to WordPress. You can change it with a small amount of code though - see this post.

- Could you clarify your concern about “owner delegation” and being “stuck with only one user ID”. Are you referring to the fact that you can only delegate to a single OpenID, rather than having multiple delegates, in case one fails?

- I agree that using WordPress as a standalone OpenID provider is probably not the best idea. Perhaps I’ll put some stronger language in there explaining why it’s dangerous. Nonetheless, I can’t deny that there is a use-case for it, and as you said all the pieces were basically in place. However, I have no intentions of going out of my way to make it a fully-featured provider (audit log, multiple personas, etc), given that I think it’s a bad idea anyway.

Rick Smith has a blog called Cryptosmith. Rick has written extensively on authentication, crypto, and other pressing issues. A couple of his posts to point out…

2) You raise an interesting question when you say that “modeling the immune system … might be a reasonable thing. But what does that mean in practice?”

I’m working in a private blog of my own on understanding the answer. The first thing that it says is the same as what Dan Kaminsky has been saying was the really important point raised by the DNS flaw he got so much attention for discovering: “The whole “hostile vs. safe” network myth needs to die. Every network is hostile — the DNS bug just made true something that should already have been assumed, but wasn’t. ”

There are no safe networks, not the internet or corporate WANs, or residential LANs or wireless access points. And with 100,000,000 to 150,000,000 zombies in the collective bot heards there never will be. The threats are to numerous and some of them too huge. Our BIOS’s are now as complicated as a serous OS. They are vulnerable and we are vulnerable to them. The digiatl world is no more safe than the biological world. That doesn’t mean that either isn’t a wonderful place. It just means that nowhere is safe.

Security and identity are both statistical. Survival is a matter of playing the odds, and constantly re-evaluating the odds and your strategy. We need to worry not about 100% safe, but “safe enough” to be viewed as “healthy”. We need to keep the balance of the odds in our favor.

And I think it means that we can’t leave our cyber-health to manual processes. We need systems that automatically recognize good and dangerous data and code. We need automated, adaptive protections. The threats are now automated. We will quite simply lose if we don’t adapt to them.

There was a bit in the news the other day about software tools that can diff a software update, deduce the flaw that it fixes and build an exploit to attack it. I suspect taht the process isn’t quite as clever as it was described, but that’s OK. The basic approach is sound and over time can be improved and more fully automated. If there are adaptive malicious infecting agents out there, then there had better be adaptive automatic defenses. That way lies the cyber immune system.

But there are also weaknesses to an immune syste,. They are more heuristic and probabilistic than algorithmic and deterministic. One of the things we are learning today about immune systems is that they don’t do well when they are faced with environments that are either much more or even much less septic than they were designed/developed to handle or if the threats are too alien.

Faced with too few threats, immune systems can fail in three ways:

1) Atrophy and become ineffective.
2) Attack the body they are supposed to protect, producing auto-immune diseases. see the “hygiene hypothesis”.
3) Attack innocuous or beneficial substances resulting in allergies.

Also, really nasty pathogens will target the immune system itself.

The immune system analogy even offers interesting isights into non-cyber security. Just as an immune system that has no legitimate targets can start attacking inappropriate targets giving us allergies and autoimmune systems, and just as too aggressive a focus on antisepsis and antibiotics can breed killer diseases, we can see some interesting parallels in urban security.

Here’s a quick reprise of a longer rant I deliver occassionally. In the late 60’s a police sniper took out a serial killing sniper at the University of Texas. This inspire the notion of “Special Weapons and Tactics” which was quickly adopted in LA. At the time, drug dealers were almost never armed. Drugs had a small time penalty. Guns upped the sentences hugely.

LA SWAT was only needed infrequently for its original purpose. It was highly paid and elite and had almost nothing to do for the 5 years between the Black Panthers and the SLA, so they were used on some drug busts, just to keep in shape. Drug dealers started going armed, and dealing through young armed agents, the street gangs. New highly violent street gangs quickly took over.

Today, two LA street gangs founded in the same year that LA SWAT went live have gone virulent and spread from coast to coast and into the heartland of America. And we are much less safe.

There are two lessons:
1) Immune systems and elite emergency response teams want to be used. If they don’t have an appropriate target, they will find one.

2) Pathogens, both microbial and sociopathic can be bred into extreme virulence by applying extreme measures that allow only the nastiest to survive.

Natural systems are very complex and adaptive and strategies for handling them are likewise complex. You need to understand probability, economics, risk assessment, natural selection and the law of unexpected consequences to know how to deal wit them.

Well that was long and dense, and I didn’t even give my lecture on Paris and Nicolas-Gabriel de La Reynie. Perhaps another time. In any event, I don’t claim to have the answers, just a bunch of questions and a few insights and a lot of analogies and am always looking for someone to kick them around with.

Thanks for bringing me here.

I’m currently doing some work in identity and credentials, and have been coming to the realization/opinion that both our mental and formal models in the areas of security, identity and trust are inadequate, ill-chosen or both.

My main criticism of our thinking on security is that we tend to use the mental model of the “Motte and Bailey” castle, when the situation is far more complicated, more like an immune system trying to protect a living organism in a world that can never be antiseptic. In trust and identity, it seems we’re working on the mechanisms for federating identity without having a model that allows us to evaluate more fundamental questions like “Why should organization X trust the other members of its federation?”, “What do we actually mean by ‘trust’, ‘reliance’ and ‘assurance’?”, “How do you quantify levels of trust/reliance/assurance?”, “How do organizations that chose different ID federations, PKI models, or the like cooperate, and if you can’t how do you apply digital credentials in the US (let alone the world) with its multi-tiered federated governmental structure and unmanaged free market economy?” Technical questions are interesting puzzles, but I think we need a basic understanding of the issues first.

In the one case I think a new model needs to be adopted in place of an old one, and in the other I think we need to create one. In both cases, if the model is to direct software, network, and credentialing technologies, it has to be formal, rigorous, and eventually quantifiable. And just to complicate that, if the public is going to operate in this environment and understand the systems that they are using, then there has to be a simple non-technical mental model that approximates the formal one well enough that people can have reasonable expectations as to the consequences of their actions.

The short form of my analysis is that what we have is a mess, and we shouldn’t be surprised if doesn’t work and gets worse, unless we do something about it, something that involves some clear analytic thinking. I’m struggling my way through expressing what’s wrong, evaluating some proposed models and improvements and trying to come up with solutions that I can believe in.

JimB.

Information Cards will only be secure if there are real separate cards, using embedded cryptography, in use: every security measure running directly on a PC only is vulnerable (see rootkits), and virtual Information-Cards (which are only data stored on your computer), are an invitation to pishers! They only have to upload this Information-Card Data from your Computer, and pishers get everything they like to have!

Why? There is a not curable flaw:
Everything running directly on a PC (specially with MS-Software) can be faked or spied on.

The only thing which helps is an external ID (Card or USB-Dongle) with embedded Microprocessor which handles all the communication with embedded cryptography and refuses to be spied on.

Everybody involved, but specially a readership that is no expert in security and privacy has to know this! People should know the limits and drawbacks of security. Otherwise a new circle of Insecurities and Security Breaches and even loss of personal identity Data may follow.

And, bye the way:
Information Card Users give their essential personal identity data to the companies which are issuing the Information Card - that is another vulnerability. These Companies have all the personal identity data and the possibility to access all WEB-based connections. Who is supervising these Companies? Remember lost data reported in the press?