Security and Web 2.0

In a past blog, I talked about the importance of building 'quality' Web 2.0 applications, that is, addressing the performance, scalability, security and reliability dimensions (in addition to usability and user experience).

I want to focus on Security in this blog, and in particular, Identity Management on Web 2.0.

Do you suffer from password fatigue? Is your partner concerned about phishing sites? Does your Mum have a bunch of post-it notes with usernames and passwords written on them stuck around her desktop?

Check out the Identity Metasystem vision. I particularly love Kim Cameron's 7 Laws of Identity; they are excellent guidance for everyone building robust Identity Management solutions, at a technology-agnostic level.

Even better, all of this thinking and these implementations are based on WS-* standards such as WS-Trust and WS-MetadataExchange.

For the developers out there, you'd be interested to hear that Infocard, which is a key piece of the Identity Metasystem's identity selector technology, is available through this download site (either as part of Vista, or as part of WinFX). Lots of cool demos are available showing how identity management can happen in the tri-party scenario involving 'Relying Party', 'User/Subject', and 'Identity Provider'.

I've got Infocard running right now on my Vista machine (Digital Identities button under Control Panel). It's great fun!