Monday, December 31, 2012
Hello 2013, Goodbye 2012
For me, 2012 was a year full of challenges, setting up ways to meet peers (Facebook) and gaining experience in online identities, software testing and compliance.
This I want to continue in 2013.
Next year I want to deepen my security knowledge about online sharing protocols like UMA, OAuth2 and OpenID, and my adventures (work experience, conference meetings) will be highlighted.
Also, I will continue to follow the news on privacy, big data and compliance and blog about this to express my views on these subjects, which will be combined in 2013.
Papers will be written, conferences will be visited and no worries, software and protocols will be tested.
All thoroughly done to give you a quality, up-to-date repository about testing Software as a Service, with a flavor of online identities.
See you all in 2013 on Facebook, TestingSaaS-blog and Twitter!
And perhaps in real life too!!
Labels: big data, compliance, facebook, Oauth2, online identities, OpenID, SaaS, UMA
Monday, April 16, 2012
UMA Interop Testing at European Identity Conference 2012
Kantara Initiative's User-Managed Access WorkGroup (UMAWG) will reach a new milestone this month.
The UMAWG will be present at the European Identity Conference on April 17th in Munich (today).
Its mission: to show some UMA real-world examples during the Kantara Initiative Summit, which is chaired by my good friend Joni Brennan.
These examples include SMARTAM.org and a UMA-based app by Fraunhofer AISEC.
Before the UMA-show, UMAnitarians have been busy with interop testing of the mentioned UMA examples.
Between 12.00 and 13.30 the UMAWG will share its latest status, its heritage with OAuth and OpenID Connect and the status of the current implementations.
Unfortunately I can't be present today, but through blogs and tweets I will support my fellow UMAnitarians in answering questions and giving info on interop testing.
The UMA Interop won't be finished this day, it's just the beginning.
Because OpenID has a very good wiki on OpenID interop testing, OSIS, the UMAWG asked OSIS for help with setting up a UMA interop wiki.
With the help of the OSIS folks the UMAWG will make an effort to start interop testing of all available UMA implementations.
UMAnitarians and other UMA-interested people are invited to take a look at the OSIS-wiki and start interop testing their UMA-based apps the OSIS-way.
Exciting times ahead for the UMAWG.
No worries, the quality of UMA is my gig, bugs are NOT allowed!
Saturday, May 14, 2011
Internet Identity Workshop 12: seen by a Tester
A week ago the Internet Identity Workshop 12 took place in the Computer History Museum in Mountain View, California.
Three days (3-5 May) listening to and discussing the latest trends in Internet Identity protocols, enterprise identity management etc. from a user-centric view.
Boring, no way!!
First of all, it wasn't a normal conference, with fancy presentations and the audience neatly listening and asking questions afterwards.
Nope, this was an unconference, where every day at the beginning the schedule is made of people who want to discuss or present thoughts on user-centric online identities.
This agenda can then be viewed on a big wall in the centre of the conference hall, which I thought was a very good and pragmatic way to schedule the proposed sessions.
Well, time to get dirty I thought, and the first day I already hosted 2 sessions, 1 on security measures for identity protocol flows (always nice to test those :-) ) and also the pros and cons of using OAuth in online banking (you never know in the future).
Very nice sessions where I could discuss my thoughts as a tester with identity experts from different industries, like telco, finance and computer hardware.
However, I wasn't here only to gather info. Together with XMLgrrl (the 1 and only :-) ) and the guys from Newcastle Uni. (great to see ya folks!), I did a little PR for UMA, which was very effective, because UMA was also spoken about in sessions where UMAnitarians were absent :-).
Next to this, the Newcastle Uni. guys did a kick-ass iPad(!) demo of their SMART-project. Great stuff to see.
But wait, there is more. I saw sessions about companies wanting to become a relying party, identity-policies between US and Europe, personal data stores, online vaults and many more.
And not to forget the Trust Frameworks, which are being developed for different industries, and have complex flows to test.
For a bloke from Europe, the sessions about NSTIC were very interesting to see: what does the US-government want to do with the trusted identities in cyberspace?
Thanks for the helpful info there guys. It made things clear about how the Americans want to deal with identity in cyberspace, although not every attendee agreed, which made a nice discussion.
I could go on and on about the IIW12, but I want to keep my blogs short.
I had a great time, learned a lot and it's encouraging to see the IIWs are also already taking place in Europe. A great way to stay updated on the work in user-centric identities, which are getting more important every day for everyone involved in internet development.
Any questions about the IIW? Just send me an email or call me.
So, my Silicon Valley Trip (and San Fran ;-) ) was fantastic, let's see where my next adventures will be.
Hmm, perhaps Hawaii??
Sunday, January 16, 2011
Testing UMA means testing controlling an individual's online data by himself!
One of the reasons I joined the UMA-WG was that I wanted to be involved in a project right from the specs and not when it is time for system testing. Next to that, the concept of UMA fascinates me and is worth making me sweat!
The active discussions we have about the testability of the specs inspire me to improve my work as a system tester.
The implementations of UMA can be in numerous domains: enterprise, government, education, e-commerce etc.
This makes it a project where IT-architects from different domains can work together making user stories and use cases and improve this user centric authorization protocol.
Yes, we also have OpenID and OAuth, but, IMFO, OpenID is for authenticating the user and OAuth for authorizing it.
UMA lets an individual control the authorization of data sharing and service access made between online services on the individual's behalf, as a layer on OAuth. It doesn't involve the authentication, but is very much dependent on OAuth and its possible changes, which are very much monitored by the UMA-WG.
A few years ago I started this blog, because I wanted to share my thoughts on testing SaaS and identity. The latter, because, IMFO, testers were mixing up authentication and authorization, which is disturbing, because they are important elements of Web 2.0, online user-interactivity.
With OpenID I started, but UMA drives me more because it is fresh, very user-centric and can be interoperable with OpenID through OpenID/AB, melting two of my favorite test subjects (authentication and authorization) in one.
I wait for the day I can test an online user-interface (say banking :-) ) where an individual, with the help of the UMA-protocol, can control the data he or she wants to share with third parties, on the individual's behalf.
Something worth sweating for!
Labels: authentication, authorization, OAuth, OpenID, OpenID/AB, security, UMA