Wednesday, December 9, 2009

Moving Onwards from Adobe

I spent the last 16 years working at Adobe Systems. I was pretty quiet there, not writing much publicly about what I worked on. I'll say a few things about that here, and then give a hint as to where I am going next.

What I am most proud of from my time at Adobe is the security engine that we built from the ground up and put in place in Adobe Acrobat. This engine provides digital signatures and document encryption to Acrobat and PDF. The functionality that we added and the libraries that we built really are the best out there. It wasn't just me saying this: NIST loved our PKI validation engine.

It's not just that we did an outstanding job of supporting OCSP and CRLs with all the OID nuances. We also have a great, flexible chain validator, and the ability to wisely tap into the Windows platform for trust, in those instances where that trust has been properly configured within an organization.

Though I lead the engineering and, in fact, the early business effort to add these capabilities, I certainly don't take all the credit. I had an outstanding group of engineers who somehow, despite me, managed to build a solution that has integrity and robustness right down to the last line of code.

For all the years I toiled on digital signatures, we didn't see tremendous customer use early on. In fact that was a good thing, because it took a number of releases (Acrobat 4.0 through 6.0) before we were able to put into place all the bits to make the system robust.

This is changing. Adobe now has strong business support behind digital signatures (check out the Security Matters blog), folks like PDF Evangelist Leonard Rosenthal are contributing immensely to making PDF an ISO standard and PDF signatures, via PAdes, an EU electronic signature standard and the Acrobat engineering team continues to add important capabilities.

There really is no other good solution out there. PDF is the way to do electronic document signatures. Adobe has recognized this and is continuing to invest in this technology. This last release the engineers added support for long term archive signatures, a flexible certificate trust update mechanism, and better Mac OS X integration.

Aside from helping to build Acrobat, I spent a couple of years in Adobe's Advanced Technologies Labs furthering my research into security. My particular interest was in adding strong and effective security to browsers, via Flash, primarily for use with authentication and payments. If you look at OpenID and Microsoft's InfoCard, you get an idea of my area of interest. We had some really great ideas that, in my view, addressed many of the shortcomings you see today with OpenID, Facebook Connect, PassMark (RSA) and other solutions. But I'm afraid we were a bit ahead of our time. And so instead of today being able to see the fruits of that vision, you will have to wait until tomorrow to see bits of functionality dribble into the Flash APIs.

Where am I going next? It was my desire to work on a few personal projects. Now I have the freedom to do this and am working on all sorts of things ranging from presentations and business plans to technical education and coding. For the next while I am focusing on technology and this will be reflected in my blog. I'm quite enjoying reconnecting with technology after being too much of a manager for a few years. I won't say what it is that I'm working on - you'll have to watch this space to find out - but I will say it's really awesome to have the freedom to work on all aspects of a project, and not be confined by the structure of a large organization. Life is good.

No comments: