The famous talk is now on the Web for those of us who missed it:
- Ian Glazer: Killing IAM in Order to Save It
"I gave this talk a few months ago. I had just finished writing our 2013 Identity and Privacy Planning Guide and was trying to think of a different way to express what I had written. What I came up with was this very, very different way to express what I had written. I'd love your feedback. Also, no commas were harmed in the filming of this presentation."
There were many other items of interest to the identity community:
- John Fontana: Identity, we're all in this together
"We need each other. At least 80% of us will, according to Gartner. The analyst firm says over the next three years, federated single sign-on will be the most predominant SSO technology, needed by some 80% of enterprises. That's a number you can't hide from if you're an identity or security architect, a CIO or even a CEO."
- John Fontana: Curses, just-good-enough authentication, again
"Use of social network identities is expected to sky-rocket in the next two years, but it's aimed at reducing friction between merchants and your money, not because it's a better credential."
- Naresh Persaud: Richard III - Authentication Gets Shakespearean
"With the recent discovery of Richard III in a Leicester parking lot, we realize that authenticating an individual is as important as authenticating a king. Your identity is king. The recent twitter #authchat provides a good survey of authentication techniques. Authenticating Richard required many of the same identity management techniques we use in software. Here are a few observations:"
- Gunnar Peterson: Is SCIM The Shim You Have Been Looking For?
"SCIM is designed to solve common, real-world scenarios while managing users across cloud and enterprise domains, but incentives will drive its success."
- Paul Madsen: The Evolution of Single Sign-on
"The concept of single sign-on (SSO) is not a new one, and over the years it has successfully bridged the gap between security and productivity for organizations all over the globe."
- The Economist: Not a dog
"Businesses, not just governments, have a role to play in helping web users prove their identities"
- Patrick Harding: Identity: The New Security Perimeter
"Traditional security perimeters encircling corporate networks no longer meet the needs of today's enterprise. As businesses move to cloud computing, employees are able to gain access to their work apps and corporate networks through almost any internet-connected device. As a result, they want -- and expect -- this anywhere-access on the device of their choosing."
- Ash Motlwala: Should CMOs Fund the Next Generation of Identity Management?
"What does marketing have to do with cloud Identity Management? Quite a bit, it seems. Last week, HMV (a European retailer) laid off 190 employees. Among those being let go included Poppy Rose, the HMV "Community Manager" who happened to be in charge of their twitter account. The result? See for yourself..."
- William Jackson: Is there a uniform way to handle online identities?
"Keeping track of the identity of remote users accessing online resources is a critical and daunting task with few standards for large-scale implementation. There are working schemes for federated services such as the Federal Bridge Certification Authority but little assurance of visibility by all parties involved, which can introduce risks into identity management and access control. This has been a major hurdle in the efforts of agencies to provide more information and services online to remote workers and citizens."
- Dennis O'Reilly: How to enable two-factor authentication on popular sites
"It may not be the perfect security solution, but two-factor authentication reduces the risks associated with common Web activities -- from searching to social networking to online banking."
- IdentityWoman: European Identity Workshop in Feb.
"The European Identity Workshop.
February 12-13 in Vienna.
Registration is here.
Internet identity, identity federation and personal data online are complex, continually evolving areas. The event is inspired by similar events such as the Internet Identity Workshop in California, Identity North in Canada, and Identity Next in the Netherlands, with a focus on European perspectives and initiatives. At EIW, participants will seek deeper understanding, and better solutions to challenges like:"
"Kantara Initiative supports the European Trust and Identity Workshop event as part of ongoing activities to build shared infrastructure, value, and experience to Identity and Access Management systems. We encourage Kantara members and participants to attend the European Trust and Identity Workshop."
- 2013 Election Schedule for the Identity Ecosystem Steering Group (IDESG)
"February 14: To be eligible to vote in the officer elections your signed membership agreement must be received by the Secretariat before 11:59:59 PM (PT) on February 14, 2013. If you are an existing member, a membership agreement was already mailed to you in December 2012 for your signature. If you are not yet a member and would like to join as a member, please fill out a membership application (available at https://www.idecosystem.org/page/new-member-registration-form ) and a membership agreement will be mailed to you."
- James D. Robinson, former American Express chairman and CEO, added to CSA Summit keynote lineup
"The Cloud Security Alliance (CSA) today announced the addition of James D. Robinson III as the closing keynote speaker at the annual CSA Summit 2013 being held at the RSA Conference on Monday, February 25th."
- Kantara Initiative to Appear at HIMSS13
"New Orleans welcomes the 2013 HIMSS Annual Conference and Exhibition, March 3-7, 2013, at the Ernest N. Morial Convention Center. More than 36,000 healthcare industry professionals are expected to attend to discuss health information technology issues and review innovative solutions designed to transform healthcare."
- 5th Federated identity management for research communities (FIM4R) meeting
"Villigen (Switzerland), 20-21 March 2013
This workshop is the fifth in a series that started in summer 2011 to investigate Federated Identity Management for Research (FIM4R) collaborations."
- First eID-Network Conference
"Brussels, 20 March 2013
The first eID-Network Conference will be held on March 20th 2013 in the Egmont Palace in Brussels, in close cooperation with the annual EPCA Payment Summit. The eID network conference focuses on eID in relation to online services toward persons, businesses and governments. We believe eID and related concepts are crucial for advancing e-business transactions, therefore we refer to this as 'transactional eID'."
- Dan Whaley: I Annotate: A Workshop
"After two decades of progress in infrastructure and web technologies, we believe the time is finally at hand to realize the widespread annotation of human knowledge. On a recent call a suggestion was made to bring together people building annotation solutions with those that ultimately will use them. The obvious sensibility of that idea led a number of us to approach the Andrew W. Mellon Foundation for funding for a workshop, which they approved several weeks ago. We're calling it I Annotate, and it will be April 10-12, here in San Francisco, at the Fort Mason Center."
- Internet Identity Workshop XVI #16 - 2013
"Phil Windley, Kaliya Hamlin, & Doc Searls
Tuesday, May 7, 2013 at 8:00 AM - Thursday, May 9, 2013 at 4:00 PM (PDT)
Mountain View, CA
Super Early Bird Ticket Feb 18, 2013"
- European Identity & Cloud Conference 2013
"May 14 - 17, 2013 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany,"
- Call For Papers - Open Identity Summit 2013
"September 10th - 11th 2013, Kloster Banz, Germany
Deadline for electronic submissions: May 15th, 2013
The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing."
- Nishant Kaushik: The Dilemma of the OAuth Token Collector
"But what is far more interesting to consider are the ramifications this hack and Twitter's response measures have had (or not had, depending on who you talk to) on the ecosystem that integrates with Twitter via its OAuth implementation. This article brought up the fact that 3rd party apps authorized to interact with Twitter are still able to tweet despite the passwords being reset. In other words, the resetting of the password had no impact on whether they still had access to the account. Why is this important?"
- Francois Lascelle: Enabling token distributors
"In his post The dilemma of the oauth token collector, and in this twitter conversation, Nishant and friends comment on the recent twitter hack and discuss the pros and cons of instantly revoking all access tokens when a password is compromised. I hear the word of caution around automatically revoking all tokens at the first sign of a credential being compromised, but in a mobile world where UX is sacred and where each tapping of password can be a painful process, partial token revocation shouldn't automatically be ruled out."
- Matt Jones: My problem with the "Internet Of Things"
"Spimes and the Internet Of Things get used interchangeably in discussion these days, but I think it's worth making a distinction between things and spimes. That distinction is of course best put by the coiner of the term, Bruce Sterling - in his book which is the cause of so much of this ruckus, "Shaping Things"."
- Robert Lemos: Single Sign-On Increasingly Connected In The Cloud
"Behind the scenes, identity and access solution providers continue a broad effort to integrate to cloud services -- the biggest hurdle to SSO adoption"
- Paul Madsen: Mobile Users taxonomy
- Charles McLellan: Consumerization, BYOD and MDM: What you need to know
"Consumerization and BYOD is reshaping the way IT is purchased, managed, delivered and secured. We delve into what it means, the key products involved, how to handle it and where it's going in the future."
- Identity Woman: What could Kill NSTIC? PDEC White Paper Released
"My colleague at the Personal Data Ecosystem Consortium, Phil Wolff, hosted sessions at the last two IIWs that invited community consideration of the risks to NSTIC. He has put together a paper that outlines the results of these two sessions that were titled "Death to NSTIC"; the white paper is "What Could Kill NSTIC: A Friendly Threat Assessment". He has a video about it and you can download it from our website."
- Anil John: NIST SP-800-63-1 Token Assurance Level Escalation Matrix
"The following table (from NIST SP-800-63-1, Table 7) describes the highest level of assurance that is possible using a combination of two approved token types. This is a per-session assurance level escalation."
- Isis Reports Pilot Doing Well
"Despite some delays with its pilot in Austin, Texas and Salt Lake City, Isis reports active users of its mobile wallet are using it five or more times a week."