
A Journal of
Identity Management




Dave Kearns' 
IdM Newsletter
from Network World

Conformity announces SaaS solutions

Governance and compliance solution enables internal auditors to reduce the security and compliance risks associated with SaaS adoption.

I hadn't heard much from Conformity since last year's conversation with co-founder Scott Bils, so I was glad to get a note last week letting me know that it was about to splash out with a new release. Well, three new releases, actually, but only one of which is germane to this newsletter.

Conformity's business is providing an enterprise-class management platform for software-as-a-service (SaaS) and cloud applications. It is a co-founder of the Enterprise SaaS Working Group and had a major coming out at this week's Under The Radar conference, an aptly named venue for this quiet company.

While the new SaaS solutions that Conformity announced are designed to help frontline managers and IT operations personnel address the tactical issues and challenges of SaaS adoption, the one for finance and the one for operations are a bit beyond our purview. But the solution for governance and compliance -- that's our bread and butter.

According to PR flackette Laura Beck, Conformity's new governance and compliance solution enables internal auditors to reduce the security and compliance risks associated with SaaS adoption. The solution enables IT to enforce user access control policies for SaaS and cloud-based applications, and provides centralized compliance reporting in the areas of user access, change and segregation-of-duties required for SOX, HIPAA, PCI and other regulatory mandates and industry standards.

In addition, Conformity has tightened integration with SaaS offerings with no or limited API access (so there's no way to programmatically hook to them), which can create "management islands" that are difficult, if not impossible, to efficiently manage. With new "registered services" capabilities Conformity customers can now centrally manage and govern users across all of their SaaS and cloud applications.

If you're into the cloud, or thinking about it, you ought to investigate the Conformity offerings.

In other news, I've just caught up with Bhold, the Dutch company leading Europe in Enterprise Authorization Management, which has opened an office in the United States. The company is heavily invested in management of Microsoft's Foresight Identity Manager (FIM) product, in partnership with KPMG and The Oxford Computer Group, so founder Paul Heiden thought it a good idea to open up a branch here. So he did -- on Broadway, in Manhattan. Well, it's got to be more interesting than the company's HQ in Utrecht (a nice college town, though). I'll find out more when I see Paul, either at The Experts Conference later this month or at the European ID Conference early next month. If you won't be at either conference, then be sure to read what's up with Bhold (and all the other presenting companies) in this newsletter in the weeks following the shows.

 


The importance of user-friendly technology

In some cases, creating a technology is the easy part -- designing it so that people will use it (and want to) is the hard part

It's been a mantra that pops up in this newsletter periodically, and has for many years. Just a couple of weeks ago I phrased it as, "We have the technology, but the bureaucracy still gets in the way." Another way I'm fond of stating it is "the technology is easy, it's the people that's hard." But my old friend Chris Zannetos (he's CEO of Courion) has another opinion. I respect Chris' views, and they deserve to be presented to you. Here's what he told me.

"I look at it a bit differently. The market sees a *lot* of technology that does not accommodate the everyday realities that IT admins face… not just technology realities (like the fact that just about every major application has a different access security paradigm)… but the organizational and political realities. Most products are designed in a pristine lab 'the way people ought to work'… the reality is that the organizations that these admins (and we) serve are made up of people. And people beget bureaucracy and politics. The X.500 technology I tried to use to implement a global directory service for a top 5 global bank in 1992 was great technology… it worked! But not in a world in which the Retail Bank had its (real or imagined) needs that were different than the Corporate Bank that was different than the Private Bank, etc. Instead of viewing that bureaucracy or politics get in the way, the industry needs to deliver solutions that accommodate those realities – and still help the customers solve the problems (this is why self-service password management works still today… it is faster for users… so they want to use it. And it doesn't require 10, 20 or 1,000 application owners to agree on a single authorization engine or a single set of password constraints). In the early days, whenever a staff member would say… 'well, "x" isn't working so well because the customer's politics got in the way', I'd tell them they were wrong. Our job is to deliver a solution that people *want* to use, that accommodates/avoids the politics… make it faster and easier for all involved and they will use it. Sort of a capitalist's way of viewing things… versus the central-planning approach of a forced march to a central directory that all don't believe in or support.

The market has spoken and voted with its feet (dollars?)… SSO, self-service password management, multi-factor auth (and I'd add provisioning and access certification if the products are designed right)… they just work."

I really can't disagree with what Chris is saying here. But it doesn't change the phrase, just its meaning -- creating the technology is the easy part, designing it so that people will use it (and want to) is the hard part. Something to keep in mind.

©2009 by Network World, Inc. 118 Turnpike Road, Southborough, Massachusetts 01772. Reprinted from Network World.


Latest Headlines
Thursday, Jul 29

The ‘x’ in xAuth stands for…
Nishant Kaushik
I like to think I am a realist, and my initial take on the xAuth idea was that it was a good idea necessary to solve the usability issues holding back the widespread adoption of federated consumer authentication. more

The end of the beginning
Paul Trevithick
Creating a new consolidated non-profit for open identity that would combine existing groups and thereby create something quite different and new is an obvious and unoriginal idea. The question, as ever, is one of timing. Is now the moment? Kantara tried to pull this off a couple years ago, but that was too early. more

Why we need claims in Windows
Martin Kuppinger
ACLs are at least somewhat understood, claims are new. There has to be a migration path and compatibility. But if we look at all the options we have, claims appear to be the most promising concept for the future security at the operating system level. more

XAuth: First Take
Pamela Dingle
XAuth, if it succeeds, will be the antithesis of user-centric identity. It is what happens when companies with businesses to run finally realize that asking users is a thankless, hopeless task that can only get in the way. We all know it is easier to ask forgiveness than permission – for better or worse, XAuth is that principle, taken to its logical conclusion. more

Verifying identity in customer-not-present situations
Linda Musthaler, Network World
When you have any sort of Web-based business, you really don't know who is on the other end of the network. For many interactive Web applications, it's critical to verify the true identity of the consumer. Just ask Sarah Palin... more

Tools to help you manage passwords
Dave Kearns, Network World
I've always felt that way, but still got irritated at having to remember all of those passwords. So I've been a big user of SSO tools that store username/password credentials (encrypted, of course) and present them on your behalf during an authentication ceremony. more

IDENTIKEY Server Banking Edition offers complete solution for secure online banking
DigitalID News
IDENTIKEY’s standard technology featuring DIGIPASS generated one-time passwords and e-signature authentication, is now compatible for online banking services. The HSM will validate the OTP or e-signature and grant the user access to the system. more

There is more than automation
Martin Kuppinger
Flexibility is key. Flexibility for architectures, where Identity Provisioning and Access Governance tools are just one element – there might be more than one Provisioning tool, there might be SRM, existing workflows, the integration of Provisioning and Access Governance, interfaces to Enterprise Portals, and so on. And flexibility for connections to systems, by not only relying on automation. more

Patient Identification: Paving the Way for Electronic Healthcare
Frank Villavicencio, Identropy
Of no surprise - at least to me - is the fact that at the heart of many of these challenges is the issue of how individuals are actually identified. This very issue remains a fundamental roadblock for mass adoption and, whether due to cost, privacy, or technology, all of which are essential in creating a tipping point effect that can represent a much needed paradigm shift. more

Trust and the cloud – Identities are critical
Tim Brown
Trust is one of the biggest factors when it comes to cloud security. It encompasses everything from choosing a trusted cloud provider to establishing trust that you are who you say you are. more

Please do not change your password
Mark Pothier, Boston Globe
You will need a computer password today, maybe a half dozen or more — those secret sign-ins that serve as sentries for everything from Amazon shopping carts to work files to online bank accounts. Just when you have them all sorted out, along comes another “urgent” directive from the bank or IT department — time to reset those codes, for safety’s sake. And the latest lineup of log-ins you’ve concocted won’t last for long, either. Some might temporarily stay in your head, others are jotted on scraps of paper and stuffed in a wallet. A few might be taped to your computer monitor in plain view (or are those from last year’s batch? Who can remember?). more

SMS two-factor authentication for electronic identity verification
Randall Gamby, SearchSecurity
The tokens are costly for large populations of users and hard to manage for users outside the organization, like customers and contract workers. This is because in order to use these devices, companies are required to first purchase the hardware tokens, put in place processes for provisioning them, educate users on their physical protection and usage, and manage the problem of careless users losing their devices. more

Federated ID Management: The Time is Now
Linda McGlasson, Bank info Security
When the Obama Administration did its Cyberspace Policy Review last May, one of its key recommendations was that the U.S. needs to build an identity management vision and strategy for the nation. This level of attention at a national level is what Smedinghoff thinks is attracting a lot of attention both domestically and internationally as a key solution to really scaling electronic commerce and electronic business activities to a higher level. more

Identity management in cloud computing courts enterprise trust
Laura Smith, SearchCIO
Federating identity management makes sense, especially in a cloud environment where users are logging on to multiple systems within and outside the firewall, Kramer acknowledged. Internal IDM is all about account provisioning, assigning user access to systems and resetting end user passwords; interbusiness IDM is about identity mapping within a partner's context. more

Handling Change in IAM: Vendors and Customers
Earl Perkins
I recently completed a move into a newly-built home, my first (and hopefully only) experience with building a home. In all of the chaos of getting things done, it struck me how there are similarities in moving and the IAM market. Yes, I know you can make analogies about almost anything, but stay with me here. more

Dying for mail
Dave Birch
What we really need, as a society, is proper security and privacy technology and we are an awfully long way from seeing this introduced at all, let alone introduced into probate law or custom and practice. more

3 Insights on Developing a Deprovisioning Policy
Ash Motiwala
Deprovisioning Policy is typically more complex than a simple policy that states that when HR says a person is terminated, the identity system terminates the user's access to all systems. Here are a few things to consider when developing your Deprovisioning Policy. more

Governance the next Era of Identity Management
Matt Flynn
I spoke to an analyst recently who was hoping to see additional convergence between identity management, access governance, and compliance solutions. I think we can probably all agree that it would be nice. In my opinion, we're at least a few years out from that. Not because of technology, but because we need customer demand to drive it. more

Authentify Releases EFT Verifier™ to Thwart Unauthorized Electronic Fund Transfers
Business Wire
Authentify’s EFT Verifier™ can be invoked whenever a new payee is added to an online payment or wire enabled account. The Totally Out-of-Band Authentication process, or TOOBA, sends an XML message to Authentify’s telephony service center. The message triggers a phone call to a telephone number for the account owner. Transaction details including payee identification are repeated via phone to the account owner, allowing the user to approve or cancel the transaction via the telephone keypad. more

Potential technologies that consumers may use for online ID
NFC News
Obama’s group, the National Strategy for Secure Online Transactions, may eventually recommend ways for consumers to be vetted, some type of background check, and a technology they can use for better security when conducting business online. The president wants consumers to use strong authentication, something more than user name and password, which will most likely add another security factor, say officials familiar with the project. more

Lighthouse to Demonstrate Leading-Edge Cloud-Based Identity and Access Management Solution
Business Wire
Identity and Access Management (IAM) is a complex challenge faced by organizations worldwide, and the introduction of cloud applications threatens to further exacerbate the matter. IAM solutions have recently emerged that use the public cloud to achieve deep cost reductions without diluting performance. more

Open Identity: the end of childhood, the age of assurance
Nico Popp
So, what do the trusted cloud initiative, Obama's new health care bill, and next generation online payment have in common? They all require federation and stronger forms of authentication to enable trust and protect against fraud. more

OpenID Issues List
George Fletcher
Yesterday at the OpenID Summit a number of companies presented on the issues they have experienced with evaluating and/or deploying OpenID. Here is my summarized list in no particular order more

Identity Standards Refresh
Michael Versace
It appears the industry sees an opportunity, as two standardization efforts, with significant vendor backing, have emerged in the wake of the RSA 2010 conference and its focus on cloud. These intend either to fill in identity management standards gaps or develop new services that create more interoperability across existing identity standards. more

Gmail Adds Support for OAuth Authentication
Google Operating System
Google Code blog announced that Gmail started to support OAuth authentication for IMAP and SMTP. What this means is that developers will be able to create applications that use Gmail data without requiring to enter your password. more

© Copyright 2003 - 2009, The Virtual Quill