What The White House Cybersecurity Proposal Means: Don't Miss Jonathan Penn's Take

If you're in the habit of checking out only the Security & Risk Professionals blog, you might have missed Jonathan's takeaways over on the Vendor Strategy side: What The New White House Cybersecurity Proposal Means For The IT Security Industry, Businesses, And Consumers. Interestingly, he puts consumers in both the "winners" column and the "losers" column. Read the post to see why, and feel free to share your thoughts with us on these matters!

Protecting Internal APIs — Is OAuth Ready For Its Closeup?

Two years ago, the OAuth API protection mechanism was a fairly well-kept secret. It actually won an award at the 2009 European Identity Conference for "best new/improved standard," but most people didn't seem to have figured out what it was good for yet; I felt like I was the only one even talking about it.

Fast forward a bit, when Facebook started using an early draft of OAuth 2.0 in its Open Graph-based platform, and then a bit more, when Twitter started requiring OAuth 1.0a use by third-party developers (known amusingly as the OAuthcalypse), turning off the HTTP Basic authentication option. And now we're in a world where cloud developers talk casually about the "open API economy" and the ease of getting work done by building RESTful apps, and OAuth is making star appearances in recent gatherings of influential software architects and developers I've attended, such as The Experts Conference and the Internet Identity Workshop.
