A Journal of Identity Managementhttp://idmjournal.com/Copyright 2007, the Virtual Quill Dave is absolutely right regarding these benefits, but there are a few other benefits he didn't discuss that are worth pointing out in more detail.http://blog.courion.com/access_assurance_blog/bid/30340/Another-Way-to-Support-Access-Compliance Thu, 04 Feb 2010 14:37:18 PDT My colleague Jörg Resch blogged today about the ignorance regarding layered security approaches. Yes, there is no absolute security. Security is something which is tightly related to risk. Given that we can’t have the perfect security, especially not with people using systems, it’s always about the balance between the security-imposed risk and the cost of risk mitigation.http://blogs.kuppingercole.com/kuppinger/2010/02/04/how-much-security-do-we-need/ Thu, 04 Feb 2010 12:27:56 PDT The group suggested that a firm's web proxy can also act as a security awareness tool, by redirecting users to an internal page which explains why a certain website is blocked, rather than just denying their access.http://www.ihotdesk.com/article/19595679/IAM-can-be-used-in-many-ways,-claims-expert Wed, 03 Feb 2010 13:14:54 PDT Privileged identities are accounts such as administrator and root accounts that hold elevated permission to access files, install programs, and change configuration settings. These accounts exist on nearly every server and desktop operating system, business application, database, Web service, and network appliance in an enterprise.http://eon.businesswire.com/portal/site/eon/permalink/?ndmViewId=news_view&newsId=20100201005242&newsLang=en Wed, 03 Feb 2010 09:36:44 PDT French smart card maker Gemalto (GTO.PA) has acquired Finnish mobile authentication startup Valimo Wireless, tapping into the surging market for mobile financial services.http://uk.reuters.com/article/idUKLDE61205O20100203 Wed, 03 Feb 2010 09:35:13 PDT Then they kind of messed up. For my convenience and to make sure I would be able to use their shiny new site to buy lots of international train tickets they included my password. Yes, you read that right, they mailed me my password. Without me asking for it.http://blog.bavoderidder.com/?p=237 Tue, 02 Feb 2010 12:19:40 PDT A quick recap: Problem – weak passwords = hacking made easy Root cause – us, the (lazy) users Solution – replace us, the (lazy) users Problem solved, moving on!http://shlomidinoor.blogspot.com/2010/02/if-you-have-same-problem-for-long-time.html Tue, 02 Feb 2010 11:13:41 PDT The combination of memberships to different groups seems to be nearly as unique as a fingerprint. According to a paper they published (their server is overloaded at the moment, you may need to try again later), this kind of identification through pattern recognition works with most large social networks, like Xing, Linkedin, Facebook etc.http://blogs.kuppingercole.com/resch/2010/02/02/identification-through-social-pattern-recognition/ Tue, 02 Feb 2010 09:46:39 PDT AuthenTec, which makes fingerprint-recognition systems for consumer electronics, called the overture by UPEK Inc. "a highly dilutive and speculative transaction" that is not in the best interests of its shareholders.http://www.orlandosentinel.com/business/os-authentec-rejects-merger-bid-20100201,0,4956692.story Mon, 01 Feb 2010 12:45:03 PDT But while the NPI supports Medicare and Medicaid payments, it does not address broader provider identity management challenges that will become more critical as health information exchange (HIE) evolves and the nationwide health information network (NHIN) begins to spreads its roots.http://www.govhealthit.com/GuestColumnist.aspx?id=73070 Mon, 01 Feb 2010 12:42:12 PDT The primary goal of SPML is provisioning without the use of proprietary connectors. The reality is that SPML is not currently viable for building useful, standards-based provisioning services because it is too complex and places too much of a performance burden on the connector. http://identityblog.burtongroup.com/bgidps/2010/02/spml-is-on-life-support-.html Mon, 01 Feb 2010 11:12:00 PDT Ideally, my life as a PM of an IAM project starts where the IAM workshop leaves off. I am handed the organized findings of the workshop that include business drivers, use cases/general requirements, a high level architecture and Identity Management roadmap. My first order of business is always challenging: to orchestrate interview sessions with client stakeholders in order to create an RTM, or Requirements Traceability Matrix.http://www.identropy.com/blog/bid/30208/A-Project-Manager-s-Take-on-Initiating-an-Identity-Management-Program?source=BlogTwitter_[A%20Project%20Manager%27s%20] Mon, 01 Feb 2010 08:44:26 PDT Every major identity project I’ve come upon in the last 6 months has had a “federation” component. Some are looking to ease bringing in new users via M&A. Some are thinking about people visiting their public websites. The only thing they all seem to have in common is they are all very confused about their options.http://identitysander.wordpress.com/2010/01/26/federated-identity-graphic-saml-openid-ws-more/ Sun, 31 Jan 2010 16:20:44 PDT Throughout this acquisition, Oracle’s focus is on the customer. We want to make sure that customers continue to remain successful in their projects, and get value from the investments they have made.http://blog.talkingidentity.com/2010/01/expanding-on-the-oracle-sun-idm-strategy.html Fri, 29 Jan 2010 09:43:33 PDT While I certainly can't pretend to sit in judgment on this particular case, since likely only some facts are on the table, the case provides a good framework to discuss the key issue of what is a commercially reasonable level of security and who is primarily responsible for online security.http://community.ca.com/blogs/iam/archive/2010/01/28/internet-banking-related-security-suit-a-case-of-man-bites-dog.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CS_CAIAMBlog+%28CA+Identity+and+Access+Management+Blog+%28CS%29%29 Thu, 28 Jan 2010 11:30:01 PDT