
Web Security : a snapshot from W3C


For the past few months the web has been in the headlines for bad reasons (but also for good reasons, such as its 25th anniversary). The bad side, pointed out on a regular basis, concerns broken servers, denial-of-service attacks, leaking connected apps, massive internet monitoring… Everyone's wondering: what are we doing so wrong? Well. First, people have to eat, so business does go on. But once fed, and this is the good news, people are talking about security problems. Realizing they must change something. Alone. Together. Against. But they must move. And organizations such as the W3C are fostering those discussions. People exchange views, make alliances, start thinking about solutions. After all, this is what standardization bodies like the W3C are made for: finding collective solutions that serve both business and social interests. Let me share with you a few interesting evolutions:

* Strong web apps, strong internet

Prior to the last IETF meeting, the STRINT workshop took place, with the tag line 'strengthening the internet against pervasive monitoring'. Attendees from both W3C and the IETF discussed how to bind the existing internet specs to make them stronger, but also discussed new features to think about, to avoid facing more governmental invasion in the internet flow. While waiting for the report, one can read the minutes.

(more…)

Trusted Execution Environment, millions of users have one, do you have yours?


I have spent a few years monitoring the development in standards of a technology named Trusted Execution Environment. As it has moved from a quest to a technical concept and is now starting to be embedded in devices, I felt it was time to share a few things about that security enabler. At the time I discovered that strange stuff, it was just a question: 'how can we make the mobile more secure?'. That question was extensively discussed in OMTP, a now-dead consortium of mobile network operators and device makers. They wrote some security requirements, based on well-known existing attacks on mobile environments, and expected someone to solve the problem. (more…)

Innovative business models: 7 takeaways


Gemalto is setting up its innovation framework, and this sometimes requires help from innovative and experienced people. Some of us were trained by Philippe Meda @merkapt on innovative business models. Vivien Ruivaco @VivienRuivaco and I wanted to share in a post our seven takeaways from a training that intends to drastically shake up our innovation mindset and habits. Why seven? Neither because of the movie nor because of any specific belief. Just because that is what we got.

1. Innovation vs invention: We would say that a first tangible measure is that "Innovation is the ability to convert ideas into invoices." (L. Duncan). However, innovation is about changing the market, while introducing an invention causes no turbulence on the Richter scale.

2. Innovation is a magic balance: Innovation happens in start-ups' magic pots and not in big corporation legions (i.e. the big pharma business model). Therefore, when a start-up is innovative, buying it and integrating it within a big corp will dilute or implode the inner magic.

3. Bringing an added value: Customers pay for what you are bringing to them, which in fact is the unique value that you are able to offer them over your competitors. Hence, innovation is about bringing "added value" to your customers.

4. Product or service, who cares?: When discussing innovation, the product or service discussion is irrelevant. There is no difference! A product/service/solution is just a technical means to "carry" your added value and make it real. Thus, the product or service question should never be the starting point of a brainstorming, because nobody cares about that. By the way, everybody is now doing (or says they are doing) solutions…

5. Business model innovation: Write your own business model down on paper and challenge yourself to twist it again and again. What if it were fab-less, what if it were open source, what if it were collaborative with your competitor, what if it were free, what if it were a software…

6. Out-of-books market research: Spotted by Gartner & co? That means you are looking at invention. Reading market studies is nice… but if you want to innovate, interviewing and prototyping are better.

7. Reality check-up: Have you ever seen a designer in your life? No? Too bad, those guys rock at questioning the real life of your lovely innovative offer.

If, like us, you find that some of those principles make you curious about good practices in innovation, then you may have a look at Philippe Meda's blog: http://www.merkapt.com/.

Talking with the architects of the web

Meet the tag by Romain Huet

I was in London this week, and attended the Meet The TAG session at the Google campus, close to the Silicon Roundabout. This was an opportunity for a conversation between the architects of the web and some London developers. On stage were Tim Berners-Lee @timberners_lee, Yehuda Katz @wycats, Alex Russell @slightlylate, Dan Appelquist @torgo and Anne van Kesteren @annevk, and hidden in the crowd were Jeni Tennison @jeniT, Peter Linss @plinss, Sergey Konstantinov and Henry Thompson.

Anne started with a short presentation of the TAG's prerogatives, in a duo with Tim – the old school and the new generation, hand in hand. It was explained that the major difficulty in the TAG's task was to synchronize the deliverables of the different W3C working groups, making sure appropriate technologies were harmoniously available to web developers. Tim even mentioned that the objective of W3C was to make all platform features available to developers. (more…)

W3C security roadmap needs you !

Two weeks ago, W3C held its yearly event, named TPAC, gathering most W3C Working Groups, all official W3C members and most of the W3C team. This impressive stack of geeks, combined with the fact that the venue was great and that lunches and dinners were also organized by W3C, led to an impressive density of interesting conversations. Having spied a lot, I am reporting here things related to security, which was one of my drivers to be there (in addition to friends, curiosity, and spending one week on the other side of the globe). (more…)

[ParisWeb] Security Take Away


ParisWeb is a French-European event gathering web developers motivated to do things right: quality, accessibility and standards. Last week the conference was held at Place de la Bourse, in downtown Paris. That conference is known to be terrific, as people share their experience, their good practices, their good feelings. Every talk is an opportunity to learn something and meet smart people. Here is a first post, reporting the security conversation that happened in Palais Brongniart. (more…)

Chip to Cloud conference : modernism and usual suspects

Once a year the smart card industry meets in Nice, during an event named Chip to Cloud, co-located with the NFC World Congress and the M2M Innovation event. Chip to Cloud's tagline is 'Security Forum'. In other words, this is where you will meet the traditional security solution industry, this good old industry relying on chips/hardware/tokens (call it what you want) to secure the world. The number of tracks was impressive, as usual, but here is a takeaway from what I captured, between two coffees with good friends.

The traditional industry is getting modern.

Having been part of that industry for quite a long time now, we all know our favorite use cases by heart. Banking, corporate, telecom business… But this year, some new markets were mentioned. As an example, social media was discussed, with the underlying problem of trust in reputation. How to make sure a user is a real/good/reliable user? (more…)