Sunday, January 09, 2011

Yippee! End to End Secure FaceBook

"A step towards being my Identity Service Provider"

In the wake of FireSheep and the ability of coffee shop squatters to harvest authentication cookies from insecure WiFi networks and gain "one click" access to FaceBook accounts, FaceBook have started up a new way of accessing FaceBook. With the launch of one can now have their authentication cookie, and all other data, securely transferred to and from FaceBook. While this does not solve all of FaceBook's security issues (after all, they still use Username and Password for account access!), it is a very important step. All FaceBook users should shift to this means of accessing FaceBook. Currently, it is still in a testing phase; the service will be more broadly promoted in coming months.

So, to benefit from "end to end secure FaceBook", change your FaceBook bookmarks now. I have!
Now all I have to do is figure out which of the many applications I use to access FaceBook use this secure protocol.
Anyone have a list?

This is a welcome step, and if FaceBook continues in this vein, I will be happy to expand my use of them as my Identity Service Provider. Recently they have been more open about positioning themselves as an Identity Service Provider; they are choosing to gain the position slowly, one FaceBook App at a time. More importantly, they have the potential to gain the trust of Enterprises as an Identity Service Provider. They are more likely to achieve this status if they comply with all the Jericho Forum Commandments.

There are some additional services and capabilities that would help me make this step. What am I missing?

1) A revised authentication infrastructure that eliminates the use of Username and Password as the prime method of Authentication to FaceBook

2) An easy to manage Security Dashboard that allows me simple oversight and control over my web based Identities

3) A Security Monitoring Service that has the capacity to alert me when my data is being harvested, or misused

4) A means of more finely selecting which of my data I want to share with specific services that use FaceBook Connect
(Currently it is a binary decision, often "All or Nothing", with little ability to negotiate)

5) Methods of enhanced authentication, which I can choose to use for specific services that I may choose to use FaceBook Connect with.

6) Various methods of warning when specific events of my choosing occur. I would see three levels of "Alert Ferocity":
a) Poodle: Just giving you the heads up
b) Jack Russell: Seriously annoying until you accept the alert
c) Pit Bull: Will fight to the death to get the alert through to you, no matter the cost

7) An ability to apply varied levels of friction to information flows that I can select for different types of data, or specific data elements.
a) Open = No friction, Anyone has access
b) Closed = Limited Friction, Many have access, though it is easy to share with others
c) Combination Locked = Serious Friction, fewer have access, but it is difficult to share with others
d) Key Locked = Ultimate Friction, few have access, and I am informed when they access

8) A Transaction Dashboard that allows me oversight and control of ALL my web transactions. This service will only be possible after FaceBook has really proven their ability to look after my interests.

Clearly, I expect others, not just FaceBook, to be aiming to provide these identity services and this list equally applies to them. Some providers will have more complete and robust services, others will not provide the complete range of robust and trustworthy

