A Journal of Identity Management


The latest Musings, Opinion and Thoughts from the gurus of Digital Identity

Thursday, Jun 24

Thoughts on SCIM
But will SCIM be accepted where SPML was not? I don't know, but I think there is a decent chance. more

Federated identity continues to dominate TV Everywhere access, study shows
John Fontana
The Diffusion Group (TDG), a digital media analyst and market strategy firm, says by 2016 most consumers will subscribe with a content distributor, what TDG calls an Operator, to access TV Everywhere services as opposed to directly contracting with content providers. The model involves content programmers (channels such as HBO), content distributors (cable or other PayTV service providers) and end-users more

SOPA lining up to poison identity federations, expert says
John Fontana
The government has committed multi-millions to helping the private sector build an identity layer for the Internet. But one analyst says either the Stop Online Piracy Act (SOPA) or the Protect IP Act (PIPA) could result in one government action rendering another moot and bungling the promise of secure IDs. more

Collective Punishment: SOPA and Protect-IP are Threats to NSTIC and Federated Identity
Ian Glazer
Consider the imaginary example of the University of Imagistan. The University is renowned for its comparative literature, geology, and biology programs as well as its study-abroad program. The University recently upgraded a section of its website dedicated to its excellent study-abroad program, hoping to attract more students from the US more

Passwords tangled in Fifth Amendment
John Fontana
A bank fraud case in Colorado could help determine the legal protection of users who password protect data. In the case, a woman is arguing that giving up her password to unlock encrypted data stored on a laptop is a violation of her Fifth Amendment rights. more

Bridging the Sign-On Gap in the Cloud
B Shashikumar, Oracle
With a plethora of user names and passwords to remember, end users are already frustrated. Adding multiple cloud applications to the mix makes it even more difficult for end users and increases the help desk call volume. Single Sign-On can bridge the gap between the enterprise and the cloud while reducing user frustration. more

UnboundID Ships SCIM Enabled Products
Trey Drake, Architect
SCIM product support comes in the form of the UnboundID SCIM Server Extension. Implemented natively within our directory and proxy servers, the extension enables UnboundID servers to speak the lingua franca, JSON/ReST, of the web at carrier-grade scale. more

Passwords are better off dead
Bill Brenner, CSO
Microsoft has acknowledged the need to move beyond passwords before, said Ken Russ, a security infrastructure specialist. But the company's last attempt at authentication technology, the Passport single sign-on service, was unsuccessful. more

Trust Frameworks - what is needed is trust.
Tony Fish
Then the purpose of the Trust Framework is to define a simple set of principles and rules to which all members of a digital trust network agree so that they may then share identity and personal data with a high degree of confidence that it will be safe and only used as authorized. more

In retrospect of 2011
Sebastian Rohr
The last issue about selling an IAM suite I was curious about still remains unsolved: what to do if customers already have some components in place and will not want to migrate those? Selling a suite into a large organization may be like dumping a large black monolith into their IT. more

SCIM cloud provisioning standard reaches a major milestone
Eve Maler
What does SCIM itself mean for security pros? It's allowing more IT organisations to synchronise identities automatically with their cloud service providers more

Quest in the 'Challengers' Quadrant for User Administration
Jackson Shaw
We were rated much better than last year and, I believe, that's partially in recognition of both the acquisitions we have made and the hard work of all the folks in sales, marketing and product management. more

UMA: Trust in a distributed authorization system
Domenico Catalano
Many literatures try to define the concept of trust. According to the ITU-T X.509, Section 3.3.54, trust is defined as follows: "Generally an entity can be said to 'trust' a second entity when the first entity makes the assumption that the second entity will behave exactly as the first entity expects." more

Welcome to 2012, aka the pivotal year for BYO
With more and more users bringing laptops and smartphones to work, CIOs are losing sleep worrying about how to address the business and security risks related to the burgeoning phenomena in today's mobile, always-on, cloud based business environment, especially outside the corporate firewall. more

Quo vadis?
Dave Kearns
Every identity and security guru worth his salt has at one time or another (and often more frequently) said that: 1) you should stop using username/password as an authentication method; and 2) if you must use passwords, make sure they are "strong" passwords. more

Trends 2012: Identity Management in Age of the Cloud, Mobile and Social
Klint Finley
The whole concept of identity is changing. Due to easier access to data, identity's meaning increasingly relates to the multiple providers and apps that an individual maintains. And the individual generates data with a richer potential for analysis and different associated values. more

Facebook for banking? No thanks!
Commonwealth Bank released its mobile payment system Kaching earlier this week and as promised, it gives users the ability to pay anyone via Facebook, whether or not they're a Commbank customer. Surely not. Since when is Facebook bank-grade security? more

Getting Your IAM Program Ready for 2012
Nishant Kaushik
First, create an IAM governance body. Without establishing a governance body, your organization is not going to be able to overcome the roadblocks, complexities and sometimes personalities that often derail even the best planned IAM project. more

Classifying and choosing a Federated Identity Management approach
Stephen Williams
In this article, Pirean Security Consultant Stephen Williams discusses why different Federated Identity Management approaches exist in the marketplace and why it is important that an organisation fully understands their own business environment, existing relationships and partners before they select a Federated Identity Management solution. more

SCIM: The Right Standard at the Right Time
Darran Rolls
SPML turned out to be far from simple. The effort was a well-intentioned one by everyone involved, but ultimately, the resulting spec was too large and complex, and created as many problems for customers as it solved (if not more). more

SCIM Cloud Provisioning Standard Reaches A Big Milestone
Eve Maler
Just this morning I talked with a small business SaaS provider about stepping up their authentication and authorization strategy, and they were excited to hear about SCIM because it could solve a big problem they have. more

Quest acquires Bitkoo - another step for Quest to play with the big boys
Martin Kuppinger
This acquisition comes as no surprise given that Dynamic Authorization Management is one of the most interesting amongst the emerging segments within the IAM market. Dynamic Authorization Management is about externalizing authorization decisions from single applications and performing them against centralized backend systems, based on centralized rules. more

3 Best Practices in Identity Management
Lorraine Fernandes
Yet as we march towards electronic records, Meaningful Use, analytics and research, data quality gains new meaning and importance. We've learned that establishing and maintaining the integrity and effectiveness of patient (and provider) identification process requires a pragmatic and programmatic approach. more

Top 5 Authentication Predictions for 2012
Security Park
Retailers and mobile payment providers will lead the adoption of new mobile authentication techniques in 2012. Mobile commerce and mobile payments have not taken off to the degree that many predicted, even though Internet-enabled mobile devices are now so widely proliferated that global sales of smartphones outpaced sales of PCs in 2011. more

Cyber-Ark Predicts: What's Next on the Privileged Horizon
Andrey Dulkin
Privileged accounts have proven to be a 'sweet spot' for attackers because of the broad, often anonymous access they provide to high value targets. However, many organizations are still in the early stages of identifying and solving privileged account weaknesses, including those caused by hard-coded passwords, which provides attackers with an extended window of opportunity. more

Quest Releases Privileged Account Management Plugins for Sudo
Jackson Shaw
Quest's Privilege Manager for Sudo plugins provide a central policy server that eliminates the need for box-by-box management of sudoers files, and offers visibility and relevant reports on Sudo policy and use, including access control; separation of duties; and policy tracking, versioning, and change history. more

Shoppers prompted to share their Facebook data with online retailers opt-in 56% of the time
Christin Engstrom
For the 42 applications, we found that the Facebook Permissions authorization rate was 56% on average. The median rate was 58%, and the first and third quartiles were 50% and 66% respectively. more

Citizen Identity Mgt.
Data Concept EU
Higher levels of e-Government require complete transaction-enabled services. Interoperability, integration and security are the major keys of e-Gov maturity and transformation. Citizen Identity Management (CIM) is the major component for the creation of a One Stop Shop. more

Java Identity JSR: A positive step
Anil Saldhana
A complaint I often hear from Java developers is the lack of consistent, standard API/annotations that they can use for securing their applications. JSR 351 aims to provide the necessary API as well as annotations. more

ShieldPass Two-Factor Authentication
Common eXploits
You receive a cool little credit size card that has a clear window area with parts of digits displayed. Once you add the code for this system into your website it will present an area on your screen that you place your card and match the numbers up to enter your password. more

Are You in Denial About Governance, Risk, and Compliance?
Timo Elliott
In conclusion, if you're in the finance function, and responsible for your GRC practices, it's likely that you should be investing more than you are today. more

SCIM nears 1.0 status; work on 2.0, IETF underway
John Fontana
Trey Drake, an architect for UnboundID, said no new features were added between the last revision of SCIM and the 1.0 version. Drake said the group trimmed and cleaned up the spec for its final revision. The final draft is made up of the Core Schema and REST API specs. more

SAML and OAuth-Enabled Identity: The expanding ID universe
Pamela Dingle
My premise is that SAML is not going anywhere. SAML is a stable, well-known, and secure way to send descriptive messages about user identities and security contexts from technically sophisticated partner to technically sophisticated partner using the browser as a medium for communication. more

Rewriting the Religion of Directory Services
Nick Crown
LDAP is an application-level protocol for accessing directories. And directories are simply data stores or databases that are used for storing objects in a hierarchical name/value fashion. There are no restrictions on the types of objects that can be stored in a directory, although traditionally the most common objects stored in a directory are those representing or directly related to people. more

Identity Analytics Takes Shape
Ginny Roth
Data analytics has been a part of the IT world for some time, providing insight into data that enable businesses to be more agile and proactive with information about their business and customers. When it comes to identity, however, the solutions have been focused around automating policies around access to data and applications, but not in understanding the risk associated with that automation. more

Need to Manage the Identities for an Entire Country or Small City? There's an App for That!
Merritt Maxim, CA
This work further demonstrates the maturation of identity management technology and indicates that identity management can support these types of high volume B2C use cases, giving organizations confidence that existing employee-centric identity management implementations can support the high scalability requirements of tomorrow's IT infrastructure. more

Hidden Costs of FFIEC Conformance
Tracy Kitten, Banking Information Security
When it comes to verifying users, that's where dollars are being spent. Enhanced features and technologies that we hear vendors talk about, such as out-of-band authentication that relies on biometrics, aren't a huge focus. more

© Copyright 2003 - 2011, The Virtual Quill