The higher-education community has embraced federate identity with a passion. There is even a federation engine, Shibboleth, that is like PingFederate. The umbrella organization, InCommon, has made many contributions to the art of Internet scale identity, especially in the areas of standard attributes and trust frameworks. Incommon recently held their annual Confab. Both Ian Glazer and Anil John report interesting results from the meeting.

  • Ian Glazer - A Few Thoughts from the InCommon ConFab
    “This week, I had the pleasure of presenting to this year’s InCommon ConFab. Jacob Farmer of Indiana University and the rest of the InCommon team put together a great day-and-a-half program. Putting people like Bob Morgan (University of Washington), Ken Klingenstein (Internet2), and Anil John (GSA FICAM) on stage to talk about federated identity not only challenges the audience but also the speakers. Even though Bob, Ken, Anil, and I all had different perspectives there are some shared themes.”
  • Anil John - It Depends a.k.a. Access Decisions are Contextual
    “Ian Glazer (Gartner), one of the other keynote speakers, has a good write-up on his blog about the event, so won't repeat it here [Go, read, and come back. I'll wait]. The great thing about the conversation that took place is that we are finally getting past the authentication and LOA conversations to what really matters when it comes to getting things done, which is tackling the hard challenges around distributed/federated/cross-organizational authorization to enable collaboration and the sharing of information.”

There were several other items of interest to the identity community:



  • Axel Nennker - Debugging OAuth2 SSL Connections
    “Debugging SSL protected protocols like OAuth2 can be a problem, but it is not entirely impossible nor hard to do.”
  • Slight OAuth 2 change obliterates a popular app with over 200,000 installs, please temp. revert
    “We've had hundreds of error reports and lots of angry and frustrated users, and the reputation of our software has taken a major hit from this surprise change. So far, it seems that YouTube has, without warning, started returning a 62 character OAuth2 authorization code, instead of the previous 30 character OAuth2 code. Since there is no clear "best practices" way on how to universally parse out the authorization code -- and asking users to copy/paste it themselves is absurd, we have instead always parsed it by finding a 30 character string in the browser title. “


  • SecureCloud 2012 starts next week, Register Now!
    “SecureCloud 2012 is a premier educational and networking event on cloud computing security and privacy, hosted and organized by Cloud Security Alliance (CSA), the European Network and Information Security Agency (ENISA), CASED/Fraunhofer SIT and ISACA, four of the leading organisations shaping the future of cloud computing security. SecureCloud 2012 will be held May 9-10 in Frankfurt, Germany.”
  • InCommon - The Emerging Legal Framework for Identity and Access Management
    “IAM Online - Wednesday, May 9, 2012
    3 p.m. ET / 2 p.m. CT / 1 p.m. MT / Noon PT
    This session will explain the legal issues raised by identity management, including liability and privacy. It will explore how existing laws and regulations govern identity management activities, and identify the legal barriers that such laws create. Then, building on the ongoing work of the American Bar Association Identity Management Legal Task Force, it will explain how a private contract based legal framework can be constructed to address the requirements for a trustworthy identity system. It will also examine the impact of the proposed NSTIC identity system framework on this process.”
  • Scientific Schizophrenia - How many identities do YOU have?
    “Tuesday, 22 May from 11:00 to 12:30, 
    Terena Networking Conference, Hall 3
    This session will present several approaches to federated identity, and will give a glimpse where and why (or why not!) consolidation of online identities makes sense.”
  • Gartner Security & Risk Management Summit
    “11 - 14 June 2012 | National Harbor, MD (Washington, D.C. area)”
  • Biometrics & Identity Management Summit
    “August 20 - 22, 2012 - Venue to be Confirmed, Washington, District of Columbia”
  • Axel Nennker - Identity Management @ RSA 2012 Europe
    “9-11 October, Hilton London Metropole
    Sharpen your keyboard and submit a paper for the Identity Management track at RSA Conference Europe 2012. The leading conference on security and all things you need to know. From the topic description: Identity Management covers issues of access control, authentication, identification technologies & protocols. Sessions on Identity and Access Management (IAM) fit here, along with sessions on IAM standards and architecture. This topic also covers issues such as credential management, multifactor authentication and new methods of authentication.
    The Call for Speakers closes on Friday 18th May.”

Valuable Identity

  • The NFC Debit Challenge
    “Simply put, the United States is a debit card market. I find that more-or-less affluent payments professionals still have difficulty getting their minds around this – after all, they themselves habitually use credit cards in preference to debit cards. But you can’t argue with the data. And debit issuers, still reeling from the combined impacts of the new overdraft rules and Durbin, simply don’t have any money. Certainly not enough to afford the TSM provisioning charges and wallet “rents” being proposed.”


* Required Fields