I’m a computer software researcher, working as Internet Standards Manager for Huawei Technologies.
I spend most of my time on e-mail and antispam technology and Internet security, and on standards development in those areas. I also try to keep a finger or two in context services technology, aiming to better connect users to important (non-spam) messages while avoiding inundation by unimportant or annoying ones. For more detail, see the sections below.
I am on the editorial board for IEEE Internet Computing magazine, and I am currently an Associate Editor in Chief. I also edit the Standards department of the magazine.
I was a program chair for the 2010 Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS), and have been a program chair and on the program committee during the other years of the conference.
I retired from IBM in 2009 as a Senior Technical Staff Member at IBM’s Thomas J. Watson Research Center.
I am working with the Internet Engineering Task Force (IETF) on several applications- and security-related standards. I am currently serving as Applications Area Director, on the Internet Engineering Steering Group (IESG). I served on the Internet Architecture Board (IAB) from 2007 to 2009, and I participate in the Security Directorate and the Applications Area Directorate. I’m active in a number of IETF working groups including these:
- The Applications Area Working Group (appsawg) is a place for people to bring good ideas that are appropriate for the IETF Applications Area, but for which there is no active working group covering the topic. The working group will help with items that might otherwise have been individual submissions, with a goal of getting broader review and comment than would happen for individual submissions. I chaired this working group before becoming Applications AD.
- Web Authorization Protocol (OAuth) is standardizing a protocol initially developed by social-networking web sites to allow their users to provide authentication credentials so that the sites can work together on behalf of the user without compromising the user's actual login identity. I chaired the OAuth working group before becoming Applications AD.
- Hypertext Transfer Protocol Bis (httpbis). There’s a need to update and clarify the HTTP standard, in light of implementation experience and extensions that have been developed. The goal of this working group is to make those updates and clarifications, and to document implementation experience. That work is almost completed, and the group is now looking at the next version of HTTP and improved authentication mechanisms.
- Web Security (websec). This working group is addressing web security issues other than authentication (that’s a much larger issue that will be considered in httpbis), starting by developing a problem statement and survey of what the specific issues are, and moving toward standard solutions. The solutions aim to deal with such things as cross-site-scripting attacks, clickjacking, and man-in-the-middle attacks.
- Constrained RESTful Environments (core). Targeting applications such as building automation and sensor networks, this working group is developing protocols for application environments constrained by power and memory limitations, processor speeds, and so on. The protocols are being built on REpresentational State Transfer architectural concepts.
- Sieve Mail Filtering Language (sieve), a language for writing portable email filters. This working group has updated the existing Sieve standard, and has standardized a number of useful extensions to it, including one specifically for spam filtering.
- vCard and CardDAV (vcarddav). This working group has updated the vCard specification, created a parallel XML schema, and developed an address book access protocol, CardDAV, based on WebDAV. It is now finishing up its work with a handful of vCard extensions.
- Email Address Internationalization (eai). This working group has developed an experimental proto-standard for allowing international characters (including non-Western scripts, such as Hebrew and Chinese) in email addresses and email headers. The group is now moving versions of those experimental documents to the standards track.
Recently completed working groups:
- Messaging Abuse Reporting Format (marf) was chartered to standardize a format for abuse reports (reports of spam, phishing, malware, and other sorts of unwanted messages) that can be automatically processed. The work is based on a format that had been in use experimentally, with good results; standardizing it allows it to be more widely deployed. This group worked with other standards-related bodies, such as MAAWG (the Messaging Anti-Abuse Working Group) and OMA (Open Mobile Alliance). I chaired the MARF working group, which finished its work and closed in June 2012.
- DomainKeys Identified Mail (DKIM) developed a standard for having the originating domain digitally sign email messages to make it harder to spoof the originating address. I chaired the DKIM working group, which finished its work and closed in September 2011.
- Message Organization (morg) took on a list of IMAP extensions related to sorting, threading, and searching — extensions to help users find and organize messages. I was a chair of the MORG working group, which finished its work and closed in March 2011.
During my last few years in IBM Research, we developed more effective antispam techniques, some of which have made their way into IBM’s Lotus software products, and some into the product line from IBM Internet Security Systems. US patent 7,475,118 covers some of this work.
In Context Services, closely connected to pervasive/ubiquitous computing work, we emphasized three areas:
For the messages themselves, we tied together e-mail, instant messaging, alerts, calendar alarms, and other similar things that can broadly be grouped into the category of “messaging”. It’s obvious that if you’ve defined e-mail from your boss to be “important”, you want to be informed quickly about new e-mail from your boss. But also, if you’ve set your calendar to give you an alarm ten minutes before an important meeting, it does little good if that alarm pops up on your desktop computer when you’re not in your office. That alarm is a “message” too, and we’ll handle it as one.
For connecting you, we handle your desktop and laptop computers, of course, but we also handle a variety of wireless/handheld devices, including cell phones (through SMS), BlackBerry(tm) handhelds, personal digital assistants (PDAs) connected through wireless modems, and other similar devices.
For winnowing important messages from the chaff of all the unimportant ones, we used advanced filtering technology that takes into account general user preferences, specific targeted filters, and user context.
User context refers to information obtained dynamically about where the user is, what she’s doing, and how she’s relating to the people around her. Is the user at home, at work, in a public place? On vacation? In a meeting? Seeing a Broadway show? Has she specified that she’s not to be disturbed? Will she be available for interruption in 30 minutes, or not for 3 hours? Is she out of town? Returning tomorrow, or not for two weeks?
All this information can be used both in the filtering, to change the definition of what “important” means (perhaps mail from my boss is important, but not if I’m on vacation unless it’s marked “urgent”), and in the delivery, deciding how to deliver a message at a particular time (if I’m at home, don’t send alerts to my desktop computer in the office; if I’m at a show, don’t ring my cell phone).
Much of our work was focused on the context information — obtaining it, using it effectively, securing it to protect the user’s privacy. US patent 7,496,585 covers some of this work.