The higher-education community has embraced federated identity with a passion. There is even a federation engine, Shibboleth, that is like PingFederate. The umbrella organization, InCommon, has made many contributions to the art of Internet-scale identity, especially in the areas of standard attributes and trust frameworks. InCommon recently held its annual ConFab. Both Ian Glazer and Anil John report interesting results from the meeting.
- Ian Glazer - A Few Thoughts from the InCommon ConFab
“This week, I had the pleasure of presenting to this year’s InCommon ConFab. Jacob Farmer of Indiana University and the rest of the InCommon team put together a great day-and-a-half program. Putting people like Bob Morgan (University of Washington), Ken Klingenstein (Internet2), and Anil John (GSA FICAM) on stage to talk about federated identity not only challenges the audience but also the speakers. Even though Bob, Ken, Anil, and I all had different perspectives there are some shared themes.”
- Anil John - It Depends a.k.a. Access Decisions are Contextual
“Ian Glazer (Gartner), one of the other keynote speakers, has a good write-up on his blog about the event, so won't repeat it here [Go, read, and come back. I'll wait]. The great thing about the conversation that took place is that we are finally getting past the authentication and LOA conversations to what really matters when it comes to getting things done, which is tackling the hard challenges around distributed/federated/cross-organizational authorization to enable collaboration and the sharing of information.”
There were several other items of interest to the identity community:
- John Fontana - OAuth: Gettin' geeky with it
“I’ve written here before about emerging protocol work designed to bridge the SAML/XML world with the RESTful world of the new kid coders. Last week, the bridge got stronger. Three Internet Engineering Task Force (IETF) drafts, intertwined and designed to fortify the bridge, were updated bringing a more complete picture into focus.”
- Phil Windley - PDS Interoperability
“Last week in London, I attended a workshop Iain Henderson put on at Innovation Warehouse on Personal Data Store interoperability. He used the following illustrative use cases to talk about what interoperability means for a personal data service (PDS):”
- Kantara Initiative - Reinventing the Web, One Site at a Time: New label helps people make smarter decisions about information we share online.
“At this week’s Internet Identity Workshop, Kantara Initiative’s Information Sharing Work Group (http://InformationSharingWorkGroup.org) released a proposed Standard Information Sharing Label designed to help people understand how the information we share online gets used.”
- Craig Burton - Open API Economy II
“Open API Economy presentation for IIW 14”
- EIC Videos on YouTube
[KuppingerCole makes videos of some of the events available on their YouTube channel.]
- Nat Sakimura - Why “privacy” confuses people
“Privacy, whether in the east or west, is a word talked in a vague sense leading to much confusion. In this article, I will try to clarify it from two approaches: etymology and legal literature.”
- Dave Kearns - Quo vadis?
“Passwords have been the security standard for thousands of years, ever since they replaced biometrics as the preferred method of authentication.”
- John Fontana - SNOPA legislation would bar employers from social network passwords
“The proposed Social Networking Online Protection Act is designed to shield the social networking passwords of job applicants and students.”
- Axel Nennker - Debugging OAuth2 SSL Connections
“Debugging SSL protected protocols like OAuth2 can be a problem, but it is not entirely impossible nor hard to do.”
- Slight OAuth 2 change obliterates a popular app with over 200,000 installs, please temp. revert
“We've had hundreds of error reports and lots of angry and frustrated users, and the reputation of our software has taken a major hit from this surprise change. So far, it seems that YouTube has, without warning, started returning a 62 character OAuth2 authorization code, instead of the previous 30 character OAuth2 code. Since there is no clear "best practices" way on how to universally parse out the authorization code -- and asking users to copy/paste it themselves is absurd, we have instead always parsed it by finding a 30 character string in the browser title.”
- SecureCloud 2012 starts next week, Register Now!
“SecureCloud 2012 is a premier educational and networking event on cloud computing security and privacy, hosted and organized by Cloud Security Alliance (CSA), the European Network and Information Security Agency (ENISA), CASED/Fraunhofer SIT and ISACA, four of the leading organisations shaping the future of cloud computing security. SecureCloud 2012 will be held May 9-10 in Frankfurt, Germany.”
- InCommon - The Emerging Legal Framework for Identity and Access Management
“IAM Online - Wednesday, May 9, 2012
3 p.m. ET / 2 p.m. CT / 1 p.m. MT / Noon PT
This session will explain the legal issues raised by identity management, including liability and privacy. It will explore how existing laws and regulations govern identity management activities, and identify the legal barriers that such laws create. Then, building on the ongoing work of the American Bar Association Identity Management Legal Task Force, it will explain how a private contract based legal framework can be constructed to address the requirements for a trustworthy identity system. It will also examine the impact of the proposed NSTIC identity system framework on this process.”
- Scientific Schizophrenia - How many identities do YOU have?
“Tuesday, 22 May from 11:00 to 12:30,
Terena Networking Conference, Hall 3
This session will present several approaches to federated identity, and will give a glimpse where and why (or why not!) consolidation of online identities makes sense.”
- Gartner Security & Risk Management Summit
“11 - 14 June 2012 | National Harbor, MD (Washington, D.C. area)”
- Biometrics & Identity Management Summit
“August 20 - 22, 2012 - Venue to be Confirmed, Washington, District of Columbia”
- Axel Nennker - Identity Management @ RSA 2012 Europe
“9-11 October, Hilton London Metropole
Sharpen your keyboard and submit a paper for the Identity Management track at RSA Conference Europe 2012. The leading conference on security and all things you need to know. From the topic description: Identity Management covers issues of access control, authentication, identification technologies & protocols. Sessions on Identity and Access Management (IAM) fit here, along with sessions on IAM standards and architecture. This topic also covers issues such as credential management, multifactor authentication and new methods of authentication.
The Call for Speakers closes on Friday 18th May.”
- The NFC Debit Challenge
“Simply put, the United States is a debit card market. I find that more-or-less affluent payments professionals still have difficulty getting their minds around this – after all, they themselves habitually use credit cards in preference to debit cards. But you can’t argue with the data. And debit issuers, still reeling from the combined impacts of the new overdraft rules and Durbin, simply don’t have any money. Certainly not enough to afford the TSM provisioning charges and wallet “rents” being proposed.”