PingTalk Blog

This Week in Identity - Sharing our vision

One of the joys of working for Ping is that our CEO “gets it”. He has a vision, developed collaboratively with the rest of us, about the future of Internet-scale identity. While we want to be a successful company, we are more motivated by changing the world through identity. In this recent Forbes article, Andre shares that vision:

There were several other items of interest to the identity community (lots more actually!):

Generalsec

  • Phil Windley: Roles in an Identity Ecosystem
    “I created a diagram for another document trying to map out some roles in an identity ecosystem as a way of understanding them better. I’d thought I would share it here.”
  • John Fontana: Researchers discover “worrisome” authentication flaws in many online services, sites
    “Researchers say they have found bugs in Web-based single sign-on services run by Facebook, Google, Twitter, PayPal and others that allow a hacker to hijack the authentication process.”
  • LinkedIn is a Hacker's Dream Tool
    “It's called "spear phishing," and it paid off last year in two especially high-profile security breaches: a Gmail attack that ensnared several top U.S. government officials and a separate attack on RSA, whose SecurID authentication tokens are used by millions.”
  • Phil Hunt: Simple Cloud Identity Management - Getting Started
    “The above diagram shows the typical scenario that SCIM attempts to solve. The perspective of SCIM is to provide a common RESTful API for cloud SaaS providers that enterprises could use to provision accounts. Instead of an enterprise having to provision users to many cloud providers using many different APIs, SCIM proposes a simple provisioning API that all application service providers could support.”
  • Phil Hunt: SCIM - What Should A New SCIM WG Address?
    “But is SCIM about to repeat much of the history of SPML? Has it corrected some mis-steps? Yes, definitely. Is that enough? Let's look at some of the historical issues that will be of relevance to the evolution of SCIM. Just to be clear, my comments are not to suggest that SCIM adopt SPML features. My comments are intended so that SCIM learn from SPML's history.”
  • Blending Cloud IAM Delivery Flavors: Convergence Of In-House And IAM Suite Offerings
    “Moving forward, we expect that the models will converge. With the adoption of cloud IAM at SMBs and enterprises, suite vendors will need to provide cloud IAM services. This will definitely lead to a surge of acquisitions of the above smaller providers (Symplified, Okta, OneLogin, etc.) in the next 12-24 months.”
  • Stephen Wilson: Part B: The Ecology and Natural History of Digital Identity
    “In Part B, I present an alternative framework for understanding digital identity. I will show that a rich variety of identities have evolved to suit distinctly different settings. Just as with real world ecology, characteristics that optimize an identity species in one environment, can work against it in others.”
  • Single Sign-On: What are some of the downsides to using SSO authentication?
    [A question asked in a forum on Focus Q&A.]
  • SXSW: Social Login Is Magical But Tricky
    “Speakers from Facebook, Twitter, and Google explore the cutting edge and complexities of using one account to log into another.”
  • Highlights from The Hypothes.is Reputation Workshop
    “At Fort Mason, San Francisco, on Feb 22 through Feb 24th, fifty leading authorities in reputation modeling, distributed systems, identity, language, and economics gathered to think through the design challenges of a global annotation platform.”
  • John Fontana: Hackers, standards and non-profits: A trinity to rescue Internet identity?
    “Identity on the Internet is in need of an overhaul. Are forces coming together to start the revolution or are traditional foils such as trust still too much to overcome?”
  • Federating the Researchers
    “If you don’t have time to read all of this blog, I will jump straight to the chase! If you work in a library, we would love you to fill out this survey. If you are a researcher, we would love you to fill out this survey. Both will help direct an EU study that is trying to improve access and identity management within research and for researchers.”
  • New Standards for Browser-Based Trust: The Recent Acceleration of Improvements
    “This paper first presents a survey of improvements being made to Browsers, HTTP, and JavaScript, noting what will be effective and what won’t. Methods for leveraging DNS-SEC for improved authentication for different protocols are covered and improvements to TLS are presented covering protocol revisions, extensions, and techniques for using it to improve identity management. Finally a survey of all the proposals about replacing or improving CAs is done, and the commonalities and core concepts of them are drawn out and presented”
  • Anil John: To LOA or not to LOA (for Attributes)... NOT!
    “At both the recent ISOC sponsored Attribute Workshop as well as the Attribute Management Panel at the NSTIC/IDTrust Workshop today, multiple people used the term "LOA of Attributes".  I protest (protested?) this potentially confusing use of the term in this context.”
  • Netflix reveals Android app tests that keep it running on 'around 1,000' devices daily
    “In a quick peek behind the curtain at what life can be like as an Android developer, Netflix's Tech Blog has posted details of the testing process for each iteration of its app. According to Netflix's own stats, after being initially released for just a handful of phones nearly a year ago it now streams to "almost around 1,000" different devices daily.”
  • Martin Kuppinger: Microsoft vs. Google: The battle of the business models
    “Ralph Haupter is the General Manager of Microsoft Germany. The summary of this press release is simple: According to Microsoft, Eric Schmidt just missed the topic. He didn’t talk about managing trust but about some opportunities of the digital world of the future (as Google sees that future). From the Microsoft perspective, it is also about security, privacy, transparency, fair access.”

Technology

  • OAuth: The Big Picture - Free e-Book
    “Over the past year, we've been talking OAuth with some of the leading API teams around the globe as they design their API security strategies, and we've participated in enlightening discussions with designers and developers on the API Craft Google group. All these interactions have helped us build and refine our perspective. We've also received a lot of feedback that people want this stuff for their e-readers so we've pulled our ideas together in this e-book.”
  • Getting Started with OAuth 2.0
    [An O’Reilly book.]
  • SAML sender-vouches use case
    “In my previous blog here I described the different SAML subject confirmation methods (SCM) and how they integrate with an STS. This blog describes the use case for the Sender-Vouches (SV) SCM. As this use case can be solved with an STS also, I compare the two approaches finally.”

Events

APIs

  • Eve Maler: A New Venn Of Access Control For The API Economy
    “Cloud providers and many federated IAM practitioners are excited about OAuth, a new(ish) security technology on the scene. I’ve written about OAuth in Protecting Enterprise APIs With A Light Touch. The cheat-sheet list I keep of major OAuth product support announcements already includes items from Apigee, Covisint, Google, IBM, Layer 7, Microsoft, Ping Identity, and salesforce.com. (Did I miss yours? Let me know.)”

Cloud Computing

  • Adrian Cockcroft: Cloud Architecture Tutorial
    “I presented a whole day tutorial at QCon London on March 5th, and presented subsets at an AWS Meetup, a Big Data / Cassandra Meetup and a Java Meetup the same week. I updated the slides and split them into three sections which are hosted on http://slideshare.net/adrianco along with all my other presentations. You can find many more related slide decks at http://slideshare.net/Netflix and other information at the Netflix Tech Blog.”
  • The SMAQ stack for big data
    “Storage, MapReduce and Query are ushering in data-driven products and services.”
  • Cloud Computing Use to Double by 2015: IBM Study
    “At its IBM Pulse 2012 conference here, IBM released the findings of its study, which indicated that businesses that embrace the transformative power of the cloud will have a significant advantage in the race to introduce new products and services and capture new markets and revenue streams.”
  • Oracle has a cloud computing secret
    “There’s a reason Larry Ellison called cloud computing “nonsense” in 2009 and why he still won’t permit Amazon-style metered pricing for Oracle’s mainstream database and middleware. A traditional 11g database license that today costs $2.8 million up front would cost less than $9 per hour using Oracle’s mySQL on Amazon. (Keep reading to see why this apples-to-oranges comparison is valid.)”
  • Dave Kearns: Identity – Of, By, In and For the Cloud
    “There’s Identity, and there’s the Cloud. While we still can’t quite agree as to what is Identity and what are Cloud Services we also can’t wait until we decide those issues to properly connect the two.”
  • Identity management in the cloud emerges as hot-button issue for CIOs
    “Next, Sallie Mae plans to automate the provisioning and de-provisioning of cloud and network-based applications. Archer hopes to have this functionality in place by year's end.”

Valuable Identity

  • John Fontana: NSTIC commits $2.5 million to build governance body
    “The government is looking for an organization to lead the establishment and oversights of a group that will be key to the success of the National Strategy for Trusted Identities in Cyberspace.”
    [Dazza Greenwood: NSTIC Governance Bids Now Being Accepted]
  • Access Control and Attribute Management in FICAM
    “As mentioned earlier, one of the priorities for FICAM is to invest in and demonstrate the value of policy driven access control within Government systems. To that end, one of the Working Groups that has been stood up as part of our annual program of work review is the "Access Control and Attribute Management Working Group (ACAGWG)" which I am Co-Chairing.”
    [Anil John: Next Steps, Lack of Blog Posts and FICAM]
  • PayPal Here Arrives
    “PayPal’s going after Square and Intuit’s GoPayment with its PayPal Here, a mobile payment app and dongle combination that has at least three advantages over Square. First, from the promo video, it’s clear the product will be available internationally soon. That’s good. Second, the dongle encrypts the card when it’s swiped. Nearly a year ago, Square announced it would replace its reader with an encrypting model by Q3/2011. As far as we’re aware, that still hasn’t taken place. Third, PayPal supports multi-channel payments. For many retailers, the combination of e-commerce and POS sales is important. For customers, having multiple ways to interact with merchants is also important.”
  • PayPal unveils new Digital Wallet
    “PayPal won’t begin rolling out the new features until late May but Sam Shrauger, VP of global product and experience at PayPal, presented the all-new PayPal digital wallet at SXSW today. Thankfully, I managed to catch up with him and get an exclusive demo of the wallet in action before he took the stage. (I say thankfully because his presentation was at capacity and yours truly couldn’t even get in!)”
  • Discover Sets 2013 EMV Target for North America
    “In a move that the company characterizes as a way of synchronizing with other industry EMV initiatives, Discover announced today that merchants and acquirers in Canada, Mexico, and the U.S. must comply with the card brand's EMV specifications in 2013, though no specific date was provided. The announcement also indicates that EMV is already being supported on the Discover Network, with Wal-mart having processed its first EMV transactions on Discover Network in January.”
