If you haven't decided to go to the Cloud Identity Summit in Vail, the week of July 16th, it's still not too late. Why the big deal? First off, the greatest minds in identity, from users, vendors and analysts, will be there. With lots of parties and receptions, there is no reason you can't talk to any of them you'd like. Second, they don't call us #partyidentity for nothing - there will be lots of fun and relaxation. For instance, Ping will be indulging me in my hobby and letting me hand out premium cigars! Third, you can bring your family and turn it into a Colorado vacation. Ping is a family-first company and CIS is no different. Last year we had 50 families!
To whet your mental whistle, here is info about a couple of the speakers:
- CIS Series. Scott Tomilson: OAuth, mobile and you
"With the OAuth wave crashing down on the identity space, Scott Tomilson is in an enviable position - up on a hill side taking it all in. The good thing is Tomilson, a technical product manager at Ping, wants to share his knowledge and will do so at the Cloud Identity Summit during a three-hour workshop July 17 entitled: Going Mobile with PingFederate and OAuth 2.0."
- CIS Series. David Brossard: XACML hands on
"In the world of access control, there's a need for more Z. At the Cloud Identity Summit in July, David Brossard, a former solutions architect at Axiomatics and now the company's product manager, is hosting a three-hour workshop that will define authori-Z-ation (as opposed to Authe-N-tication) under the lens of the Extensible Access Control Markup Language (XACML)."
- And look here for more CIS Series stories...
There were a number of other items of interest to the identity community:
- John Shewchuk: Reimagining Active Directory for the Social Enterprise (Part 2)
"So if organizations want to take advantage of the emerging opportunity to connect their identity management and applications to this growing number of external applications and people, they will need to make it easy to connect to their directory, enable new ways to create connections, and have new kinds of workflows, policies, and governance that can deal safely with external connections. Let's look at some of the ways that we have been reimagining Active Directory to help organizations "connect" in this new world."
- Craig Burton: Making Good on the Promise of IdMaaS
"There is still a lot to consider in what an IdMaaS system should actually do, but my position is that just the little bit of code reference shown here is a huge leap for usability and simplicity for all of us. I am very encouraged. This would be a major indicator that Microsoft is on the right leadership track to not only providing a specification for an industry design for IdMaaS, but also is well on its way to delivering a product that will show us all how this is supposed to work. The article goes on to make commitments on support for OAuth, Open ID Connect, and SAML/P. No mention of JSON Path support, but I will get back to you about that. My guess is that if Microsoft is supporting JSON, JSON Path is also going to be supported. Otherwise, it just wouldn't make sense."
- Kim Cameron: Making Good on the Promise of IdMaaS
"I think it goes without saying that "turning an aircraft carrier 180 degrees in a swimming pool" is a fractal mixed metaphor of colossal and recursive proportions that boggles the mind - yet there is more than a little truth to it. In fact that's really one of the things the cloud demands of us all."
- Active Directory in the Cloud - the new Microsoft WAAD offering
"I won't dive into the discussion taking place between Craig, Nishant, Kim and others but clearly have to say that I'm fully with Craig on that it is about "freedom of choice" and that this is fundamentally different from the "freedom to choose your captor"."
- John Fontana: New IETF group aims to simplify provisioning users to cloud services
"A provisioning working group gets its marching orders from the Internet Engineering Task Force and sets sights on creating a standard way to add and remove users from cloud-based services and applications."
- Kim Cameron: Disruptive Forces: The Economy and the Cloud
"New generations of digital infrastructure get deployed quickly even when they are incompatible with what already exists. But old infrastructure is incredibly slow to disappear. The complicated business and legal mechanisms embodied in computer systems are risky and expensive to replace. But existing systems can't function without the infrastructure that was in place when they were built. Thus new generations of infrastructure can be easily added, but old and even antique infrastructures survive alongside them to power the applications that have not yet been updated to employ new technologies."
- Kim Cameron: Viviane Reding's Speech to the Digital Enlightenment Forum
"It was a remarkable day at the annual conference of the Digital Enlightenment Forum in Luxembourg. The Forum is an organization that has been set up over the last year to animate a dialog about how we evolve a technology that embodies our human values."
- Apple Wins Surprising Anti-Big Brother Surveillance Patent
"Apple's patent relates to techniques for polluting electronic profiling. More specifically, and in one embodiment, a method for processing a cloned identity over a network is provided. An identity associated with a principal is cloned to form a cloned identity. Areas of interest are assigned to the cloned identity and actions are automatically processed over a network, where the actions are associated with the areas of interest for the cloned identity. The actions are processed in order to pollute information gathered about the principal from eavesdroppers monitoring the network. The actions appear to the eavesdroppers to be associated with the principal."
- More than 79 banks breached, 50GB of data stolen, hacker claims
"A hacker known as Reckz0r on Twitter announced that he has illegally accessed servers belonging to dozens of large banks. To prove it, the hacker released data relating to Visa and MasterCard credit cards. The data leaked includes full names, addresses, debit or credit card type, phone numbers and email addresses. Reckz0r claims this is only a portion of the data stolen, and the full amount is "about 50GB or bigger" taken from "over 79 large banks" that he has been targeting over the last three months."
- Chris Zannetos: Cockroaches, Teenagers and IAM
"I met with a senior risk management executive from one of Courion's customers recently, and he shared an analogy with me to illustrate his view that the Identity and Access Management industry has not delivered an effective solution for his organization to manage access risk for the company. I call his analogy: "If we ran our households the way the industry tells us to run IAM.""
- Phil Windley: Buying a Motorcycle: A VRM Scenario using Personal Clouds
"I'm interested in understanding how personal clouds and personal channels can be used to bring intent-casting scenarios to life. This post describes a detailed scenario involving a motorcycle purchase that includes three phases: finding the bike to buy, connecting with the seller, and buying the bike."
- Doc Searls: Yes, please meet the Chief Executive Customer
"IBM is familiar with CRM: Customer Relationship Management. Now it needs to get familiar with VRM: Vendor Relationship Management. Because it's with VRM tools and services that customers will have the means to tell companies exactly what IBM's headline welcomes: what they want."
- Dave Kearns: Lessons Learned from the LinkedIn fiasco
"By now you should all be familiar with the "hack-in" on June 6 which led to the taking of over 6.5 million hashed user passwords. My colleague, Craig Burton, has addressed what should happen next, but I'd like to examine some issues which might appear tangential to the leak but should still be of concern."
- Frank Villavicencio: The 2012 IAM Playbook - Part 3 of 3
"Here, we will continue the playbook items list that we started in Part 2."
- Handy Vordel SOAPbox How-To links
"Vordel SOAPbox is a free Web Service and Web API testing tool available from Vordel. Here are some handy links to doing common tasks with SOAPbox. Note that although it has "SOAP" in its name, you can use it just fine for REST APIs, as you can see in the third link below. Happy Testing!"
- Andreas Solberg: Technical details on how DiscoJuice works
"There are several roles of the play of DiscoJuice, each falls into separate same-origin policies."
- Critical Paths & Functional Clouds
"It took me less than 24 hours of being back in my former "home" of the Middle East (Abu Dhabi to be precise) to be starkly reminded that I had been remiss in my goal of penning some thoughts on the potential emergence of what I've dreadfully-named Functional Clouds and, more specifically, where I see they could play a part in the medium and long term future of many enterprises looking to gain more efficiencies from the increasingly buoyant cloud computing market."
- The Amazon API battle for the cloud rages on
"The battle over whether it's productive for cloud providers to clone Amazon's APIs will rage on this week. Amazon rival Rackspace built its new cloud platform atop OpenStack and will not support the popular Amazon APIs while Eucalyptus, famously, will. Rackspace President Lew Moorman is not sure what that support buys Eucalyptus."
- Microsoft Shows Off Payment Technology in New Phone Software
"Among other features, Windows Phone 8 introduces support for hardware with near-field communication, a technology that enables devices to exchange information wirelessly over very short distances, allowing smartphones to be used for payments. Accompanying that, Windows Phone 8 will include a wallet application to store credit cards, coupons, frequent flyer accounts and customers' credit and debit card information."
- New Kantara Assessment Process Provides Flexibility While Maintaining Rigor
"Kantara Initiative, one of our approved Trust Framework Providers (TFPs), recently updated their assessment criteria in a manner that continues to meet the requirements of FICAM and NIST, while at the same time providing flexibility in assessing solution providers."