
A Journal of
Identity Management



The latest Musings, Opinion and Thoughts from the gurus of Digital Identity


Thursday, Jul 29

The ‘x’ in xAuth stands for…
Nishant Kaushik
I like to think I am a realist, and my initial take on the xAuth idea was that it was a good idea necessary to solve the usability issues holding back the widespread adoption of federated consumer authentication. more

The end of the beginning
Paul Trevithick
Creating a new consolidated non-profit for open identity that would combine existing groups and thereby create something quite different and new is an obvious and unoriginal idea. The question, as ever, is one of timing. Is now the moment? Kantara tried to pull this off a couple years ago, but that was too early. more

Why we need claims in Windows
Martin Kuppinger
ACLs are at least somewhat understood, claims are new. There has to be a migration path and compatibility. But if we look at all the options we have, claims appear to be the most promising concept for the future security at the operating system level. more

XAuth: First Take
Pamela Dingle
XAuth, if it succeeds, will be the antithesis of user-centric identity. It is what happens when companies with businesses to run finally realize that asking users is a thankless, hopeless task that can only get in the way. We all know it is easier to ask forgiveness than permission – for better or worse, XAuth is that principle, taken to its logical conclusion. more

There is more than automation
Martin Kuppinger
Flexibility is key. Flexibility for architectures, where Identity Provisioning and Access Governance tools are just one element – there might be more than one Provisioning tool, there might be SRM, existing workflows, the integration of Provisioning and Access Governance, interfaces to Enterprise Portals, and so on. And flexibility for connections to systems, by not only relying on automation. more

Patient Identification: Paving the Way for Electronic Healthcare
Frank Villavicencio, Identropy
Of no surprise - at least to me - is the fact that at the heart of many of these challenges is the issue of how individuals are actually identified. This very issue remains a fundamental roadblock for mass adoption and, whether due to cost, privacy, or technology, all of which are essential in creating a tipping point effect that can represent a much needed paradigm shift. more

Trust and the cloud – Identities are critical
Tim Brown
Trust is one of the biggest factors when it comes to cloud security. It encompasses everything from choosing a trusted cloud provider to establishing trust that you are who you say you are. more

Dying for mail
Dave Birch
What we really need, as a society, is proper security and privacy technology and we are an awfully long way from seeing this introduced at all, let alone introduced into probate law or custom and practice. more

3 Insights on Developing a Deprovisioning Policy
Ash Motiwala
Deprovisioning Policy is typically more complex than a simple policy that states that when HR says a person is terminated, the identity system terminates the user's access to all systems. Here are a few things to consider when developing your Deprovisioning Policy. more

Governance the next Era of Identity Management
Matt Flynn
I spoke to an analyst recently who was hoping to see additional convergence between identity management, access governance, and compliance solutions. I think we can probably all agree that it would be nice. In my opinion, we're at least a few years out from that. Not because of technology, but because we need customer demand to drive it. more

Open Identity: the end of childhood, the age of assurance
Nico Popp
So, what do the trusted cloud initiative, Obama's new health care bill, and next generation online payment have in common? They all require federation and stronger forms of authentication to enable trust and protect against fraud. more

OpenID Issues List
George Fletcher
Yesterday at the OpenID Summit a number of companies presented on the issues they have experienced with evaluating and/or deploying OpenID. Here is my summarized list in no particular order more

Gmail Adds Support for OAuth Authentication
Google Operating System
Google Code blog announced that Gmail started to support OAuth authentication for IMAP and SMTP. What this means is that developers will be able to create applications that use Gmail data without requiring you to enter your password. more

It’s gonna be a jam-packed May for Identity
Nishant Kaushik
First up is the European Identity Conference in Munich from May 4-7. Kuppinger Cole does a good job putting together an interesting agenda with a broad array of speakers and a lot of local perspective, something those of us from across the pond don’t always get the opportunity to share. more

Password Management Made Easy
ssutapalli
And for an employee, remembering passwords and managing them is another tedious job. As an employee, I always wanted to have an application or some alternative to manage all my passwords at one place. more

Proving Your Identity To A Secure Website, With A Cellphone
Biometric Technology Store
How do you implement secure, trusted access to web applications for your customers, using cell phones, two-factor authentication and strong identity management? In more simple terms, how can you most easily establish a strong “trust” with an online customer who wants to buy your products or services? more

Securing Your Road to Virtualization & Cloud: Privileged Users, Here They Come Again
Shirief Nosseir, CA
For virtual platforms (as well as internal private clouds), the risk of not managing privileged users is too high to ignore compared to traditional environments. Without virtualization, each critical server is typically dedicated to providing a single service only (DBMS, application server, business portal, etc). In contrast, it is both the beauty and the curse of virtualization that we do run several server instances on the same physical machine, which now might host a complete application stack used to support an entire business area... more

Guide to Claims-Based Identity and Access Control
Jackson Shaw
Is the Active Directory schema still the tail that’s wagging the dog after 10 years?! Honestly, how can we progress if this will be the attitude of our IT departments? more

Apps, Identity Agents, and Personal Data Stores
Paul Trevithick
This post summarizes the three architectural layers: application, identity agent, and personal data store (PDS) needed to achieve the vision many of us share of user-managed identity, data portability, VRM, motherhood, and apple pie more

The Pushmi-pullyu problem of assurance
Eve Maler
What’s LOP? In short, it’s the reciprocal of LOA. Whereas relying parties want to ensure that the data they’re getting is good when they get it, data subjects and their identity providers want to ensure that the data will be protected and treated with respect when it gets there. more

Email Verification and Identity Federation
George Fletcher
If I can log into the web site using an identity I already have, what does this mean for the email verification process? Does the web site need to still send me through that out-of-band email verification process? more

Enabling Single Sign on with OpenID for the Google Apps Marketplace
Ryan Boyd, Google Apps Marketplace Team
We chose to power our Single Sign On (SSO) using OpenID because it’s the predominant open standard for federated identity on the web. The protocol is supported by a large number of OpenID identity providers and many sites around the web accept it. And to make Single Sign On easy to access, Marketplace apps also plug in to both the universal navigation bar inside Gmail, Calendar, Docs, and Sites, as well as the administrative control panel. more

Identity Activity Monitoring
Frank Villavicencio
We define it as an approach to identity management by which the organization can gain visibility, albeit on a read-only basis, on what end users are doing within its IT environment by correlating various traces of activity related to these users. This correlation is predicated on the accuracy of the organization's mapping of different identity attributes across the various IT assets that are tracking activity, which in most cases will mean the accuracy and quality of your identity data or your user directory. The latter is a good predictor of your IAM program's effectiveness. more

Mozilla Discusses The Future Of Online Identity Management
Arpit Kumar
This concept project will develop a new way to access your accounts on different websites. It will try to develop a protocol definition that sites can use to define and maintain their account-and-session management features, and a browser implementation of this protocol. Once realized, this technology will enable users to simplify the process of accessing their accounts on supported websites. more

Versatile authentication – break-through for mass adoption of strong authentication?
Martin Kuppinger
Reusing existing strong authentication technologies for more use cases makes things cheaper. Being able to use expensive very strong authentication where required but relying on other, cheaper, and appropriate technologies in other use cases reduces costs. Logistics for reused strong authentication technology is cheaper. All use cases, including external users like customers and suppliers, can be supported. more

Identity Governance Builds Buzz at Gartner IAM Summit
Kevin Cunningham
Two years ago, it was difficult to find many people who clearly understood the difference between what they were getting from their provisioning vendor and a true identity governance solution, so we spent a lot of time on basic education. more

Google heats up OpenID
John Fontana
OpenID and OAuth will work in tandem to provide single sign-on to third-party applications that are OpenID relying parties. In fact, the recommendation from Google is that application developers simply provide a button that says "Sign in using a Google Apps account" instead of presenting a log-in box. more

The business of business is trust
Tim Cole
The role of government, Jánszky says, is simple: Stop trying to build walls around the consumer and instead focus on passing laws that enable companies to use personal information, provided they do so in a responsible way and with the full content and oversight of the consumer. more

SAML vs. XACML for Authorization: VHS versus Betamax?
Jackson Shaw
Who will win the war? I don’t know but there’s something to be said about the fact that progress is being made faster with SAML than XACML. more

Can authentication be both strong and flexible?
Sebastian Rohr
Whether you want to place a bid at Bay, check your bank balance online or your credit rating at Schufa or Experian, or access your corporate SAP account: Instead of asking you to please enter your user name and password, chances are the system nowadays will demand some other method of authentication like a token or a smartcard, or it may offer to scan your finger or iris. more

Talking end-to-end identity management for the cloud (AuthN/AuthZ)
identityjunkie
AD FS provides Web SSO for on-premise and internet browser based applications. FIM 2010 provides enterprise identity management in the form of provisioning, synchronization, and workflow. Both are products of the Microsoft ForeFront Security Suite. more

Holy grail or another false start for identity
iBanks
Something that is holding up ecommerce and development of serious commercial activity online is the matter of identity. There are many proposed solutions but the fact remains that they are disparate and all fail in the sense that you cannot have one identity online and choose which parts to share with those sites you visit. more

Back to the basics – you still need “core IAM”
Martin Kuppinger
Thus, you shouldn’t ignore Identity Provisioning, Virtual Directory Services (still one of the most valuable technologies in IAM and one of the best hidden secrets at the same time), or Enterprise SSO. more

U-Prove Minimal Disclosure availability
Kim Cameron
But today, just for once, I’m going to pick up an actual Microsoft press release and lay it on you. The reason? Microsoft has just done something very special, and the fact that the announcement was a key part of the RSA Conference Keynote is itself important more

Sears OpenID UX Summit Retrospective
JanRain
Last Thursday over 60 OpenID advocates met at Sears World Headquarters in Chicago for a full day of discussions on progress to date and future plans for OpenID deployment and utilization. There is a summary of the event on the OpenID Foundation wiki. See Twitter coverage of the event with the hash tag #openidux more

Microsoft releases its privacy-enabling U-Prove technology
Felix Gaehtgens
Privacy issues have been holding back use of many applications, most commonly because they required a level of trust that most users were not willing to give. Age verification for example via a credit card, was a problematic area. more

Lady Gaga as the Killer App: Moving Identity into the Cloud
Mike Kirkwood
Today, at the Open ID User Experience Summit, a jaw-dropping statistic was given that 89% of users coming to LadyGaga.com chose a third-party logon rather than create a new account. "Signup with Facebook, Twitter, or MySpace" is the default option on LadyGaga.com - and it works. more

Multi-factor Authentication and the Cloud
Tim Hastings, ReadWriteCloud
The number of groups involved in an authentication mechanism gives us the number of factors required to authenticate. For example, a passport relies on two factors: possession of the passport and that the person holding the passport looks like the photograph in it (except a little older and fatter.) more

Kantara Initiative One Year Later (Almost)
Matthew Gardiner
At this year's RSA 2010 Conference the Kantara Initiative is celebrating its first birthday with a day-long workshop entitled Technology, Policy, and Compliance for Identity Services in 2010 & Beyond. It was just a year ago at the RSA Conference 2009 that a number of organizations publicly announced their intention to found this identity focused industry consortium. more

Interfederation 101
JISC
One of the most discussed topics within the federation space at the moment is ‘interfederation’. This describes the process of two or more federations exchanging metadata to allow members within different federations to connect via a federated access management exchange. This process results in a ‘metadata aggregation’ – the subject of a useful paper by Ian Young and Chad La Joie. This briefing paper is intended to give an overview of the current thinking behind interfederation at the current time. more

© Copyright 2003 - 2007, The Virtual Quill