The first casualty of the Target breach is the company's highest-ranking technology executive. Beth Jacob, chief information officer and executive vice president for technology services, announced her resignation from the retailer, which publicly confirmed in December that credit and debit card information for 40 million of its customers had been compromised. Target also said on Wednesday that it would create a high-level position to focus on web security.
- Security expert Bruce Schneier talks at MIT about the NSA
(Video) In this hour-long lecture, Schneier draws from both the Snowden documents and revelations from previous whistleblowers. His talk describes the sorts of surveillance the NSA conducts and how it conducts it. The emphasis is on the technical capabilities of the NSA, and not the politics or legality of their actions.
- Jonathan Brandon: CSA to open source software defined perimeter "sometime this year"
After a successful hackathon last week that saw its Software Defined Perimeter (SDP) network remain unbreached, the Cloud Security Alliance's (CSA) executive director Jim Reavis revealed that the organization is on track to release an open source version of the framework "sometime this year."
- Darrell Etherington: ComiXology Discovers Security Breach, Says Payment And Password Info Is Secure But Requires Reset
Digital comics storefront ComiXology has discovered a wide-reaching security breach during a security review and upgrade, and is requiring that all account holders reset their passwords.
- Anil John: Fraudulent Account Activity Signaling and NISTIR 7817
In the comments of my previous blog post on fraudulent account activity signaling, Steve Howard pointed to NISTIR 7817: A Credential Reliability and Revocation Model for Federated Identities (PDF) by Hilde Ferraiolo as being relevant to the discussion. It is, and this blog post provides a short synopsis of that work as it applies to fraudulent activity monitoring in federated identity implementations.
- Pam Dingle: Now, OpenID Connect is Real (and ratified)
We at Ping have participated in the standards process to make OpenID Connect happen, working with some crazy smart contributors. We cast our vote last week within the OpenID Foundation in support of the standard. And now that Connect is ratified, we can't wait to get out there and contribute to a very quickly growing ecosystem.
- John Fontana: Cloud-era authentication infrastructure taking shape
The OpenID Foundation Wednesday blessed the final version of OpenID Connect, an authentication protocol that is being called a cornerstone for scalable, standardized identity-based access control across SaaS, mobile apps, enterprise and other resources.
- Kin Lane: Payment APIs I Am Watching
I'm taking a look at the world of payment APIs right now. As with all my other monitoring of the API space, I am only looking for the best approaches, by the most interesting companies in the space. So far I am tracking on 34 separate payment APIs.
- Paul Madsen: OAuth 2.0: Enabling Identity for the Cloud, Mobile
The key technical underpinnings of the cloud - and the emerging Internet of Things - are APIs. OAuth 2.0 defines a framework for securing application access to protected resources - often but not solely identity attributes of a particular user - through APIs, most typically RESTful.
- John Biggs: A Look At Lumus, The Amazing Lens Technology That Is Going To Change Wearables
The Lumus team is showing off the next incarnation of Lumus, adding a full Android computer and camera to create a system that puts Google Glass to shame.
- Andy Greenberg: So-Called Bitcoin Creator Says He'd Never Heard Of Bitcoin Until Three Weeks Ago
Dorian Prentice Satoshi Nakamoto denies having anything to do with Bitcoin, despite sharing the name of the Satoshi Nakamoto who created Bitcoin in 2008 before disappearing from the Internet several years later.
- Quora question: What are the leading identity management conferences?
Answer wiki has a list.
- Kantara Initiative: 2014 Upcoming Event
EIC - May 12-16: The European Identity and Cloud Conference is an event we look forward to every year. We'll be hosting another workshop at EIC in 2014. We'll be presenting around IRM, UMA, Profiling of OpenID Connect & OAuth, and much more.
Webinar - March 20: Access Management 2.0: UMA for the Enterprise; 11am-Noon (EDT). Free registration.
- Security B Sides: Call for Papers
Security B-Sides Vancouver is an information security un-conference that will be held March 10th and 11th.
- Cloud Security Alliance, SecureCloud 2014
April 1-2; Amsterdam. An opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. Focus is on legal issues, cryptography, incident reporting, critical information infrastructures and certification and compliance.
- European Identity & Cloud Conference 2014
May 13-16, 2014; Munich, Germany
The place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the future of secure, privacy-aware, agile, business- and innovation-driven IT.
- Cloud Identity Summit 2014
The 2014 event will be held at the Monterey Conference Center in Monterey, Calif. from July 19-22, 2014.