Dave Birch thinks a lot about digital money. Not surprisingly, it is causing him to think a lot about identity. Here he makes a case for getting on with using mobile devices for stronger authentication, even with all their current limitations.

  • Dave Birch: Hey, you, get off of my cloud
    “The level of risk doesn't mean we shouldn't start using phones for two-factor authentication immediately - they are way, way better than passwords - just that the system needs to have realistic controls and management. Actually, I think there's more of an imperative. We need to get people used to authenticating using the handset because the handset is going to become the identity remote control for the cloud.”

There were several other items of interest to the identity community:


  • Gunnar Peterson: Identity is Center Stage in Mobile Security Venn
    “In looking at the overall pieces in play for Enterprise security architecture in Mobile app deployments there are three high level categories of security concern.”
  • John Fontana: Identity a needed link in enterprise security chain
    “While identity to many is just a username and password or an authentication/authorization event, identity’s real enterprise value is as a foundational element for all types of security controls, said Ian Glazer, a research vice president on the identity team at Gartner.”
  • Google: Time to ditch our current software patent system?
    “"One thing that we are very seriously taking a look at is the question of software patents, and whether in fact the patent system as it currently exists is the right system to incent innovation and really promote consumer-friendly policies," said Pablo Chavez, Google's public policy director.”
  • Andreas Solberg: OpenID Connect Federations
    “I’ve another take on OpenID Connect Federations based upon the current implementers draft of OpenID Connect 1.0.”
  • Announcing the OpenID Backplane Protocol Work Group
    “Announced July 16, 2012 at the OpenID Foundation Summit in Vail, Colorado, this new OpenID work group is seeking additional input and participation from the world wide OpenID community, ultimately enabling application developers and systems integrators to bring more robust solutions to websites faster and more cost effectively.”
  • BYOD makes employees work extra 20 hours unpaid
    “The iPass figures, based on a survey of 1,200 mobile enterprise workers worldwide, showed that only eight percent disconnect completely from work while they are on holiday.”
  • Paul DeBeasi: The New Gartner Mobile Reference Architecture
    “Gartner has introduced the first and only Mobile Reference Architecture for enterprise IT organizations. The Mobile Reference Architecture is an integrated set of research that helps IT organizations make technology, infrastructure and policy decisions that support their mobile initiatives.”
  • John Fontana: Mobility; it’s not a device, it’s an IT architecture
    “IT needs to address mobility as an architecture issue and consider a myriad of technology, infrastructure and policy decisions, so said Gartner during the opening of its annual Catalyst Conference.”
  • John Fontana: Enterprise mobility: The list of what's in, what's out
    “Mobility is having a big impact on IT. At the Gartner Catalyst Conference Monday research vice presidents Paul DeBeasi and Jack Santos presented 14 things that are out and what is replacing them.”
  • Michael Poulin: Do we really need identity propagation in SOA and Clouds?
    “In a real-world SO Ecosystem and in Clouds, propagation of end-user identity is useless and even insecure (one business service can learn who are the consumers of another business). We have established the fact that different authentication or identity realms, as well as different service and business ownerships, are in competition in Clouds because of antagonistic commercial interests. So, investments into the propagation of end-user identity beside the scope of directly interacting entities are a waste of resources and funds.”
  • Security Snags Loom Over Social Login
    “Even with standards, social authenticators are hardly secure enough for enterprises”
  • 10 Questions for Layer 7 Technologies CTO Scott Morrison
    [An interview with Scott about who he is and how he got where he is.]


  • Andreas Solberg: Announcing online JWT Debugger tool
    “Today, I’m announcing an online JWT debugger tool that allows you to decode and encode JWTs. This tool is part of the Federation Lab test and debugging suite for identity protocols. The Federation Lab also contains testing tools for OpenID Connect and SAML.”


    “Get live help directly from companies that can take your app to the next level. Real-time messaging, nosql databases, app marketing strategies, developer dating and app pricing are topics to be covered by live senior developers fluent with the technologies and business practices necessary for developers to succeed.”
    [Hosted by AT&T, Sept 10 - 13]
  • Cloud Security Alliance EMEA Congress Update
    “I am pleased to inform you that we have some exciting additions to the agenda for the upcoming Cloud Security Alliance EMEA Congress, 25th – 26 September in Amsterdam.”

Cloud Computing

Valuable Identity

  • NSTIC Implementation Hits an Important Milestone: The Identity Ecosystem Steering Group Exists!
    “The meeting signified a major turning point for NSTIC. While NSTIC was issued by the government, it calls for the private sector to lead the crafting of an Identity Ecosystem that can replace passwords, allow individuals to prove online that they are who they claim to be, and enhance privacy. The launch of the Steering Group represented the formal handing of the baton to the private sector.”
  • Retailers, Carriers, Networks, and Disruptors … Oh My!
    “For such a new technology and payments push, I’ve got to say that it’s a pleasant surprise to see such a focus on security. When this stuff started rolling out a few years ago, security was FAR in the back of most entrepreneurs’ minds. But as we all know, the bad guys are bound to eventually try to hammer and/or socially engineer their way through the processes, security techniques, device/browser strengthening, and other factors being put into place. Hats off to the vendors, networks, disruptors, carriers, retailers, and others working on these efforts for trying to keep these financial transactions secure right out of the gate.”
  • Dave Birch: Costs, cash and signals
    “This is utterly wrong, and I have no idea why the Professor would say this. Whatever you think of the merits of cash and its cost-benefit trade-offs against various forms of electronic payments, surely you don't think it is free? The costs of cash might be diffuse and they might be hard to measure, but they most certainly are not zero.”
  • BitInstant confirms Bitcoin card plans
    “Virtual currency transfer provider BitInstant has confirmed that it intends to launch a Bitcoin debit card within the next two months, despite MasterCard recently denying its involvement in the project.”
    [Let me be clear, I think Bitcoin is a mass hallucination and a scam. But it is interesting to watch it play out.]
  • PayPal taps Discover to bring in-store payments to 7M locations
    “PayPal is partnering with Discover to greatly expand the number of merchant locations that will be able to handle its in-store payments. Starting in April, seven million locations in the U.S. will be able to handle PayPal payments.”
  • McDonald’s Tests PayPal Hot on Heels of Starbucks-Square Deal
    “McDonald’s is testing a new payments system in which customers use the fast food chain’s mobile app to order and pay for meals. PayPal, eBay’s mobile payments platform, would power the transactions.”

