If you’ve worked with XML and read the specs, you will remember the name of Tim Bray, one of their co-editors. He also founded OpenText, an early search engine company. Lately, he has been part of the Google Android team. Now, as he writes below, he is joining the Google identity group. He will work with other Google identians such as Eric Sachs and Andrew Nash to help chart the course of Internet identity. Google, along with Microsoft, AOL, Yahoo, and PayPal, has stepped up to participate in the conversation about what this identity should be. Sadly, several other large consumer identity providers have been notably silent. Let’s hope Tim will add his voice to this conversation from his new position at Google.

  • Tim Bray: Now on Identity
    “As of July 1, I’m moving from Google’s Android team to our Identity group, to work on OAuth, OpenID, and that sort of stuff. Back to being a full-time Web guy, for a while anyhow.”

There were a number of other items of interest to the identity community:


  • Mary-Jo Foley: With Azure Active Directory, Microsoft wants to be the meta ID hub
    “A soon-to-be-delivered preview of a Windows Azure Active Directory update will include integration with Google and Facebook identity providers.”
  • Kim Cameron: There is no hub. There is no center.
    “Mary Jo Foley knows her stuff, knows identity and knows Microsoft. She just published a piece called “With Azure Active Directory, Microsoft wants to be the meta ID hub”. The fact that she picked up on John Shewchuk’s piece despite all the glamorous announcements made in the same timeframe testifies to the fact that she understands a lot about the cloud. On the other hand, I hope she won’t mind if I push back on part of her thesis.”
  • The site that outs all your stupid Facebook updates
    “We Know What You're Doing proudly reveals all the things you have blurted out on Facebook that you wish you hadn't blurted out on Facebook.”
  • Gabi: A Very Unique, Superlative Interface For Browsing Facebook
    “You can find which of your photos have been most liked by your friends over a day, a week or indefinitely. You can find which of your friends are single or married, (a feature which Facebook hid several years ago).”
  • Matt Flynn: Identity and Access Management: Filling the Gap in Identity and Access Governance
    “Over the past five years, research has concluded that nearly 80 percent of enterprise content is unstructured. That means data doesn’t exist in a managed format where access is granted via a formal application or process. While that percentage is holding steady, the actual amount of unstructured data is growing consistently. Many organizations estimate an annual data growth rate of 30 percent to 40 percent across their file systems.”
  • Merit Network Launches Merit Michigan ID
    “Merit Network Inc. Thursday announced the launch of Merit Michigan ID, a federated identity management service. Merit Michigan ID enables participating organizations to provide access to shared resources, applications and content over Merit’s trusted network via a single sign-on account.”
  • Infographic: The Potential of Big Data
    “This week, GNIP is hosting Big Boulder: The World’s First Social Data Conference. Big Boulder will take place from June 21-22 in Boulder, Colorado. Dedicated to social data and the myriad use cases surrounding it, the two-day inaugural event will acquaint attendees with the unparalleled experience of some of technology’s leading talent.”
  • Phil Windley: SquareTag: Making Everything Smart
    “Making every thing smart isn't science fiction, it's doable now and has startling possibilities to make the world a better place to live. SquareTag links things to personal clouds so they can be smart. When we give everything a virtual existence by means of an identity and a personal cloud, the entire world becomes our user interface.”
  • Don’t Believe Everything You Read…Your RSA SecurID Token is Not Cracked
    “This week, RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged “crack” by scientific researchers of the RSA SecurID 800 authenticator. This is an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true. Much of the information being reported overstates the practical implications of the research, and confuses technical language in ways that make it impossible for security practitioners to assess risk associated with the products they use today accurately. The initial result is time wasted by product users and the community at large, determining the true facts of the situation.”
  • Mark Diodati: RSA SecurID, Crypto, and Satan’s Computer
    “You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars Technica). You can read RSA’s response (via Sam Curry) to the second vulnerability here. What do these two attacks mean for RSA’s SecurID one-time password (OTP) customers? The answer is likely “not much”, particularly if they are using hardware OTP devices (the predominant form factor).”
  • Jackson Shaw: The Sad World of Passwords
    “Some commentary on John Fontana’s recent article on this topic. First, I wanted to give John some credit for saying (below) that the basic structure is to have a trusted identity provider but, as he states, there is still a single point of failure argument.”
  • Covisint Didn't Die; It Just Went To The Cloud
    “In the olden days of the Internet — way back in 2000, before it was called “the cloud” — everybody thought they could get rich on the Web, even stodgy Detroit automakers. So General Motors, Ford Motor and DaimlerChrysler (still a happy newlywed couple back then) got together with Nissan, Renault and Peugeot and invested $500 million in an online start-up called Covisint. The goal was to develop a secure, online auto parts exchange that would make it easier and less costly for carmakers to manage their complex supply chains.”
  • Sean Deuby: The Strands of Your Identity Web
    “And that's just for on-premises systems. With the dramatic increase in Software as a Service (SaaS) solutions, the number of applications that need identity information has grown far faster than most IT shops' ability to securely provide it. A successful identity professional needs to be able to link multiple identity providers of different types with all these services or applications—think of spaghetti strands—to provide a web of identity.”
  • John Fontana: State AGs affix target to online privacy issues
    “Online privacy is the focal point during the next year for the newest president of the National Association of State Attorneys General.”
  • Former Microsoft And Amazon Employees Launch Livestar, An App For “Trusted” Recommendations
    “After a year or so of stealth preparation, Livestar today launches an iOS app where you can view “trusted” recommendations. In an effort to become the one-stop-shop for everyone’s recommendation needs, Livestar lets people search for recommendations from their friends and critics– of restaurants, music and movies currently.”


  • Mozilla: Deprecating requiredEmail
    “At the end of last year we introduced an experimental feature called requiredEmail which let websites ask a user to log in with a specific email address, rather than prompting users to select any address. Unfortunately, the use cases we had envisioned never materialized, and requiredEmail failed to find traction with our early adopters.”
  • Directory Graph API: Drill Down
    “This session introduces the new Directory Graph API, a REST-based API that enables access to Windows Azure Active Directory (Directory for Office 365 Tenants and Azure customers). We review the data directory model, the Graph API protocol (based on Odata V3 protocol), how authentication and authorization is managed, and demonstrate an end-to-end scenario. We walk through sample code calling the Directory Graph API. A roadmap is also reviewed.”
  • Vittorio Bertocci: The Recording of “A Lap Around Windows Azure Active Directory” From TechEd Europe is Live
    “As it is by now tradition for Microsoft’s big events, the video recording of the breakout sessions are available on Channel9 within 24 hours from the delivery. Yesterday, I presented “A Lap Around Active Directory”, and the recording punctually just popped up: check it out!”


  • Simon Wardley: On Competing with APIs
    “APIs are just a vehicle for creating ecosystems and it's through exploitation of ecosystems (under models such as innovate-leverage-commoditise) that a company can aim to become linear for innovation, customer focus and efficiency with the growth of the ecosystem. So when competing in an active market on APIs providing similar activities (such as Infrastructure), you really only need to ask yourself - what are the relative sizes of the active developer ecosystems consuming those APIs?”
  • Surveying 1000 APIs – Infrastructure and SaaS APIs power new API Growth
    “One of the dimensions we looked at in our recent 1000 Programmable APIs study was the primary business areas of the APIs – in other words the type of data or functionality being offered and how this is evolving. Programmable Web provides excellent fine grained classification data on the APIs it lists, however it can be a little hard to get an aggregate picture across the fine grained data – so we dug a little deeper by carrying out our own classification and grouping programmableweb’s tags for this data set.”

Cloud Computing

  • Gartner Predicts Cloud IAM Will Grow 500 Percent by 2015
    “At a recent summit, Gartner analysts made strong assertions about cloud-based IAM’s growing predominance, predicting that cloud IAM will grow 500 percent from 2012 to 2015. In addition, they predict that IDaaS will account for 25 percent of all IAM sales by 2014 (today, IDaaS makes up less than 5 percent of IAM sales).”

Valuable Identity

  • Anil John: New FICAM Guidance on using PIV and PIV-I Cards in Agency PACS
    “Incorporating stronger authentication technologies in an Agency Physical Access Control System (PACS), such as PIV and PIV-I cards, is a critical aspect of mitigating the risk of physical security breaches. FICAM recently published the "Personal Identity Verification (PIV) in Enterprise Physical Access Control Systems (E-PACS)" (PDF) document which provides detailed technical and security guidance for leveraging PIV and PIV-I authentication mechanisms in a federal agency PACS.”
  • Orange begins France-wide NFC SIM roll-out
    “Mobile network operator Orange has begun rolling out NFC-enabled SIMs to its 27 million customers across France in a move that will accelerate the uptake of contactless payments.”
  • BitPay Shatters Record for Bitcoin Payment Processing
    “During the past 24 hours, BitPay Inc (https://bit-pay.com) has set a new record for internet payment processing with the new bitcoin digital currency. The majority of the sales were generated by Butterfly Labs, a merchant in Kansas City, with the much-anticipated release of their new ASIC cryptographic processors.”
  • On Dorsey, Square, and Making Payments More Human
    “In an excellent article from Wired, both the personality of Jack Dorsey and the ambitions of Square are explored. The call-out below should dispel any notion that Square is just a simple mobile-payment acceptance company. That’s just where it starts.”
  • Sweden's big four wireless operators launch mobile wallet
    “Sweden's big four wireless network operators have launched a mobile wallet service that covers 97% of the country's handset users.”

