"Blessed are the paranoid for they shall have back-ups." Poor Drummond - I have had this experience, too. It does highlight one of the values to cloud computing - a large service provider probably manages their IT better than you do.  Still - you do keep a password/lock code on your phone, don’t you?!  No?! For shame!

  • Drummond Reed: This is What a Hole in Your Digital Life Looks Like
    “What kept it from being completely devastating is the amount of my digital stuff that is already in the cloud - Dropbox, iCloud, Gmail, and assorted other mail servers. While I was already a huge advocate of the cloud — see my series on the personal cloud — now I’m going to be an absolute raving lunatic about it. I want the same protection for my digital life as I have for my house and home and possessions in my physical life. And I want a personal cloud infrastructure (and trust framework) that will give it to me — and ensure that I can maintain control over it.”


  • Facebook isn’t Professional Networking
    “Frankly, this is a terrible idea. For those of us that use social media in our jobs, we tend to have things we keep professional (LinkedIn or Facebook Page), things we have that are personal (Facebook personal profile), and things we make public for anyone to see (Twitter).”
  • Girls Around Me: An App Takes Creepy to a New Level
    “Girls Around Me uses Foursquare, the location-based mobile service, to determine your location. It then scans for women in the area who have recently checked-in on the service. Once you identify a woman you’d like to talk to, one that inevitably has no idea you’re snooping on her, you can connect to her through Facebook, see her full name, profile photos and send her a message.”
    [Note: Apple has removed this app from their store.  Apparently, however, the capability does still reside the Foursquare and Facebook APIs.]
  • Easter egg more valuable than corporate password to employees
    “A survey by Ping Identity of 2,000 UK consumers revealed that 48 per cent of them would accept less than £5 for their log-ins, while 30 per cent would give up their corporate passwords for under £1.”
  • The Re-evaluation of Authentication
    “In recent years companies have made an enormous amount of data available online for remote employees, partners and even customers. The same basic authentication methods like username and password or knowledge based authentication aren't enough to adequately protect the range of data that is currently available online, but it has been difficult for organizations to keep up as more applications and data are made available by different groups. I suspect that if organizations were to analyze all of the applications that they provide online access to and honestly evaluate the authentication methods in place, compared to the sensitivity of the data, there would be many areas of concern.”
  • Gerry Gebel, James McGovern: Part One: Software Development Lifecycle (Architecture and Design)
    “Last year, James McGovern who previously was in the role of Chief Security Architect for The Hartford and now is the lead Enterprise Architect for HP focused on insurance and I held several discussions (Part 1, Part 2, Part 3) on using entitlements management within the insurance vertical. Now that we are in a new year, we have decided to revisit entitlements management from the perspective of the software development lifecycle.”
  • The ICAR Federated Identity Model
    “The ICAR Federated Identity Model. Massimiliano Pianciamore, CEFRIEL, Francesco Meschia, CSI-Piemonte. OASIS eGovernment Workshop on Electronic Identity & Citizen-Centric Administration Santa Clara - May 1st, 2008 “
  • The Great Liability Sinkhole
    “It's this registration and liability conundrum that the Cross-Government Identity Assurance Scheme is intended to address at the root of its proposition, and at the moment there's every indication that it might just work. By federating existing trust relationships under trust schemes, the identity assurance approach should allow users to reuse their existing credentials - such as online banking - without liability issues, because there is no inappropriate third party, such as an independent commercial identity provider, involved in the relationship. There is no requirement to reveal banking passwords because the bank becomes the identity provider.”
  • John Fontana: Group aims to vet worth of ID standards for mobile, software, other cloud services
    “The Identity in the Cloud technical committee at OASIS is calling on the public to help it vet identity standards for a myriad of cloud use cases from mobile to digital signatures.”
  • CEO Larry Page & 7 amazing stats about Google
    “On the occasion of the first anniversary as the chief executive officer, Larry Page shared a letter with Google’s investors. He took over the CEO job at last April after making the announcement in January 2011. You should read the letter for yourself. It is a bit of corporate-speak, but nevertheless it feels like it is from a guy who feels happy with his first 12 months in the job. While reading the letter, some stats caught my eye that are simply staggering, regardless of how one feels about the company.”
  • American Bar Association: Federated Identity Management Legal Task Force
    [Chaired by Tom Smedinghoff. Registration is free.]
  • Could Global Payments Breach Finally Kill KBA Questions?
    “When reports started surfacing Friday (March 30) that more than 10 million card numbers may have been compromised in a breach at processor Global Payments in early March, Gartner security analyst Avivah Litan published a delightful early detail: It seems that the cyberthieves gained access by taking over a New York taxi company’s administrative account “by answering the application’s knowledge-based authentication (KBA) questions correctly.””
  • Courion among leaders advocating SCIM standard for cloud-based identity and access management
    “Courion demonstrated the company’s capabilities to support SCIM as both a client and server at the SCIM Interop event held at the IETF 83 Meeting in Paris on March 28, 2012. Courion is among a coalition of leaders developing and demonstrating SCIM interoperability as the IAM standard for cloud applications. “


  • Nat Sakamura: OpenID Connect Stripped Down To Just “Authentication”
    “So, OpenID Connect provides a lot of advanced facilities to fulfill so many additional feature requested by the member community. It indeed is full of feature that is not Authentication. However, that does not mean that it cannot be used for the simple case of “Just Authentication”. Indeed, it is actually quite simple to do it. I would use code flow as the base case in this article, because I believe that is the flow people should use for such cases.”
  • Building and implementing a Single Sign-On solution
    “Most modern web applications start as a monolithic code base and, as complexity increases, the once small app gets split apart into many “modules”. In other cases, engineers opt for a SOA design approach from the beginning. One way or another, we start running multiple separate applications that need to interact seamlessly. My goal will be to describe some of the high-level challenges and solutions found in implementing a Single-Sign-On service.”


  • OpenID Connect: The Identity Singularity
    “Thursday, April 12, 2012 from 12:40 PM to 1:30 PM (ET)
    Justin Richer, Lead Technologist at the MITRE Corporation, will provide a detailed walk through of OpenID Connect, an emerging standard for online identity management, followed by a question and answer session. Justin is an active member of the OpenID Foundation's OpenID Connect Working Group and the IETF's OAuth2 Working Group.”
  • Kantara: UMA Twitter Chat
    “We're turning our User-Managed Access (UMA) Twitter chats into a monthly thing. Third chat will be Wednesday, April 25 at 9am PT! “
  • OpenID Connect Technology Meeting, April 30, 2012
    “Monday, April 30, 2012 from 12:00 PM to 5:00 PM (PT)
    Sunnyvale, CA”


  • HATEOAS 101: Introduction to a REST API Style (video & slides)
    “Thanks to all who participated in the HATEOAS 101 Webinar this week. The video (~30 min.) and slides are below. Check them out for an introduction to the core principles, examples, and a look at the value of the approach for API providers and app developers.”
  • Apigee: The API Facade Pattern: People
    “Thanks to all who participated in the fourth and final episode in the Webinar Shorts series on the API Facade pattern. The fourth episode covers people considerations - the team structures, the roles and responsibilities and the politics - for building and using an API facade. The video (~22 min.) and slides are below. Thanks @landlessness. (Check out the video and slides for Episode 1:Overview, Episode 2:Common Patterns, and Episode 3:Technology)”

Cloud Computing

  • Phil Windley: Personal Clouds as General Purpose Computers
    “While much of the growth in cloud computing is in the enterprise space—especially infrastructure and platform plays like Amazon and Rackspace—there is significant activity in the area of personal cloud computing. Point solutions like Dropbox along with more holistic offerings like Apple’s iCloud and Google’s suite of products are all part of the personal cloud space.”
    [This is the first in a multipart series about a cloud operating system (COS):
    Personal Clouds Need a Cloud Operating System
    The Foundational Role of Identity in a Personal Cloud
    Data Abstractions for Richer Cloud Experiences ]
  • BYOD, The Secret Sauce
    “They will appropriately suggest that the first thing you do is lock the phone if they call to report it missing instead of wiping it right away, especially if it is a personal device. As one company reported recently – by locking the device first they found lost devices were reported missing almost immediately as opposed to the original policy where they did a device wipe right away – people would wait up to 2 weeks to report a device missing as they thought they might find it and didn’t want to lose their data.”
  • OpenStack versus CloudStack: A contest between services and software
    “It looks like OpenStack won't be the only open source cloud computing player. Earlier this week, Citrix Systems released its CloudStack software to the Apache Software Foundation as an alternative to OpenStack. Formerly a member of the project, Citrix cited difficulties in making OpenStack work with its technology as a major driver behind the defection. CloudStack will launch with about 30 technology partners, many of them already involved with OpenStack. CloudStack claims an Amazon Web Services-compatible native API set. OpenStack has an AWS API compatibility feature as well.”
  • Amazon posts (what else?) huge S3 storage gains
    “In case anyone thought the Amazon cloud was losing steam, the company published new data showing that the number of objects stored in Amazon’s S3 service soared to 905 billion in the first quarter of 2012, up from 762 billion for the previous quarter.”
  • Netflix uses lots of cloud services -- but don't call it 'NoOps'
    “Taking this swipe at the ops division in stride, Kail responds, "Adrian and I have a good relationship, and he's said, 'If we ever have a CIO, I hope it's you.'" But Kail adds he thinks the phrase "NoOps" is a little misleading for several reasons.”
  • Gartner Outlines Five Cloud Computing Trends That Will Affect Cloud Strategy Through 2015
    “Gartner has identified five cloud computing subtrends that will be accelerating, shifting or reaching a tipping point over the next three years and that users must factor into their planning processes:”

Valuable Identity

  • Federation, FICAM and Guidance
    “The FICAM Roadmap and Implementation Guidance calls out initiatives that are both Government-wide as well as agency-specific. Two Government-wide initiatives that are of relevance to identity federation are:
    • Establish a federated identity framework for the Federal Government
    • Provide Government-wide services for common ICAM requirements”
  • Trusted Computing Group Adds Members to Expand Trusted Security Solutions
    “New contributor members, who participate in specification development, include Accenture, ARM, Ltd., Battelle Memorial Institute, Nationz Technologies, Inc., RedHat, Inc. and Toyota Motor Corporation.”


* Required Fields