In the identity community, August has always been associated with the Catalyst conference.  These two attendees, Sumner Blount and Nishant Kaushik, report that although the conference is evolving, it is still relevant:

  • Catalyst 2012: Sumner Blount: Gartner Catalyst observations: different, but still valuable
    “For those of you old-timer IAM-ophiles who attended the old Burton Catalyst conferences, the differences in the new incarnation of this conference were striking.  The old Burton sessions were highly technical, and there was a distinct identity focus to most of them, with a number of threat management sessions thrown in for the anti-virus crowd. But, the new Gartner format is much more business-focused - less techie details and less focus on pure identity topics. And, I assume that the audience is evolving to be more consistent with this content evolution - fewer identity architects and more CIOs, for example.”
  • Catalyst 2012: Nishant Kaushik: It’s All About the Conversation (At the Back of the Classroom)
    “The talks were great, but what elevated the sessions even more was the back channel discussion happening on Twitter in parallel, where we not only discussed the points being made on stage, but at many times just completely went off the rails. It doesn’t do it justice (you seriously had to be in the room and on Twitter to appreciate it), but I tried to capture some of the twitsanity below. Enjoy.”

There were several more items of interest to the identity community:


  • John Fontana: BYOD mobile workers thumbing nose at IT security
    “Nearly one in four BYOD mobile workers with smartphones and tablets are employing workarounds to bypass IT controls on corporate data”
  • InCommon: Bring Your Own Token - Part II
    “In Part I of this series we suggest that mobile-based two-factor authentication is a viable alternative to password-based authentication methods. Here in Part II, we discuss the dangers of password reset and describe a mitigating strategy that leverages a privileged phone to securely manage access to the password reset web app.”
  • Sam Curry, RSA: This Too Shall Pass
    “So I naturally loved Dan Goodin’s “Why passwords have never been weaker—and crackers have never been stronger.”  There’s some good stuff in there around the heart of the problem... however, I ultimately saw it as an expression of the inevitable commoditization of the electronic authentication form factor in the world: the password.”
  • Gunnar Peterson: ID Don't Mean A Thing Unless It's Got That Integration Thing
    “Identity has made tremendous progress over the past decade, in my view progress on standards like SAML and XACML has been the "quiet revolution" in delivering more efficacy to real-world security. But the standards and products that support them are not enough by themselves. If they cannot integrate to your application then we are left with yet another silo or worse yet --- shelfware.”
  • John Fontana: SCIM: Yummy on the inside
    “Nearly 75% of companies deploying an emerging, standardized provisioning protocol are doing so to link internal systems, according to a company that helped write the specification and was first to support it.”
  • Scott Morrison: In Defense of OAuth 2.0
    “So what are we to really make of all this? Is OAuth dead, or at least on the road to Hell as Eran now famously put it? Certainly my inbox is full of emails from people asking me if they should stop building their security architecture around such a tainted specification.”
  • Paul Madsen: MIM == (MKM) Mobile key Management?
    “In a great post on the relevance of identity to MIM (Managed Information Management), Brian Katz proposes a model for MIM that I believe looks roughly like...”
  • William I. MacGregor, ID thought leader, passes
    “William I. MacGregor, one of the driving forces behind the government’s FIPS 201 smart card specification passed away last week. MacGregor, Ph.D., CISSP, CISA, served the government and private sector for more than 32 years as a technologist and business strategist, focusing on identity management and enterprise security solutions.”
  • 10 questions for Ping Identity CTO Patrick Harding
    [An interview with Patrick about who he is and how he got where he is.]



  • IIW #15 Neighboring Events
    “Monday October 22nd all with details still to come:
    OpenID Summit
    Federated Social Web
    VRM Meetup”
  • IIW 15: Hawaiian Shirt day for RLBob
    “For this coming IIW #15 we are going to have a Hawaiian shirt day on Wednesday to honor his life and his contribution to our community.”
    [Wednesday, October 24th, IIW @ the Computer History Museum, Mountain View, CA, USA]


  • Mike Amundsen: Using WebSockets – Part 2: A Real-Time Challenge
    “In the previous blog post in this series (Using WebSockets – Part 1: Minding the Gates), Ronnie Mitra talked about the promise of the WebSocket protocol, as well as some security aspects. In this post, I’ll talk about some of the details of the protocol and what they mean for those planning their own WS implementations.”

Cloud Computing

Valuable Identity

  • Identity Woman: Consensus Process and IDESG (NSTIC)
    “Now that we are in this stage that is considering governance and systems for the community of self-identified stakeholders (and people beyond this group who will be the users of the outputs). What I don't know is if people really know what real consensus process is or if we have anyone who is experienced in leading actual consensus processes? It keeps feeling to me like we are using Robert's Rules of Order and then getting everyone to agree - thus having "consensus".  That isn't consensus process.”
  • Identity Woman: IDESG Governing "us": Challenge 1 for NSTIC
    “First Challenge: How are we connecting/structuring and governing the interested stakeholders who ARE showing up to engage.  How are we, as Bob just asked, creating ways, systems, processes and tools to create alignment and agreement?”
  • Identity Woman: IDESG: Governance beyond "us" Challenge 2 for NSTIC
    “Second Challenge:  How are we meaningfully and regularly checking in with those outside the community of self-selected stakeholders - to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?”
  • Anil John: How the US Federal Government Participates in the NSTIC IDESG
    “On the FICAM side of the house, we are sometimes asked what our relationship to NSTIC is. The answer is rather simple; FICAM is the US Federal Government's implementation of the NSTIC Vision and Principles. As such, our focus is to assure the security and privacy of Government to Citizen (G2C), Government to Business (G2B) and Government to Government (G2G) digital interactions and services.”
  • Bets of Bitcoin
    “Bets of Bitcoin is a website where you can bet bitcoins on real world events.”

