Chris Hoff (@beaker) is always entertaining to read. This post starts with a concise history lesson about the Cuban Missile Crisis and the Bay of Pigs. It brought back memories from my childhood of hiding under my school desk during nuclear attack drills (funny) and the Cold War (terrifying). But then Chris goes on to talk about the state of the OpenStack standardization effort, which could be one of the most important efforts in cloud computing to-date.

There were other items of interest to the identity community:


  • John Fontana: Study shows hackers more focused on passwords than those who create them
    “Survey shows depth to which Internet users are ignoring core precautions, using weak passwords, and storing sensitive data in email.”
  • Application and Platform Integration of Persona
    “We are happy to see Persona gaining traction in the developer community, with dozens of sites and services integrating Persona to simplify and speed up the login process while simultaneously eliminating site-specific passwords for users.Some recent Persona adopters include...”
  • Paul Madsen: All BYOD threats are NOT created equal
    “You can classify threats to business data on mobile devices (whether BYOD or not) depending on whether
    - the employee initiates the process by which business data is put at risk
    - there is malice involved in the above process, i.e. an active 'attack' against the data compared to inadvertent disclosure”
  • Gunnar Peterson: Mobile Attack Surface
    “Eoin Keary wondered if there were some special considerations for attack surface analysis on Mobile, and I think there are plenty. Mobile attack surface is one of the main areas that changes the nature of the threat and the field of choice for defenders.”
  • Ericka Chickowski: When Bad IAM Kills
    “While this is case-specific to health care, no matter what vertical you're in, bad IAM leads to all sorts of detrimental effects on the business -- ones that technology like single sign-on (SSO) and good IAM practices can drastically reduce, IT experts say.”


Cloud Computing

Valuable Identity

  • To understand BIS’ midata proposal it helps to understand Mydex
    “The Government’s midata consultation to give consumers a statutory right to their data in electronic format affects every individual, and every major company holding customer data in the UK. But it cannot be properly understood in isolation of wider imminent changes in how personal data is managed, shared, controlled and valued.”
  • Anil John: What is new with the BAE Operational Deployment?
    “GSA OGP, together with our partner PM-ISE, is moving out on the operational deployment of the FICAM Backend Attribute Exchange (BAE). The PM-ISE blog post "A Detailed Test Scenario for our Law Enforcement Backend Attribute Exchange Pilot" gives details about our primary use case. In this blog post, I am going to map those business and information sharing aspects to some of the technical details of the deployment.”
  • IJIS: Walking the Last Mile
    “I think this is a good metaphor for the final part of implementing information sharing using contemporary standards as the accelerant. We can burn through the concoction of a new standard for information sharing, creating a way to facilitate high-speed development of exchanges—something like the National Information Exchange Model (NIEM), with supporting standards in service-oriented architecture (SOA) and Global Federated Identity and Privilege Management (GFIPM) as envisioned by the Global Justice Information Sharing Initiative (Global) Advisory Committee (GAC) to the Attorney General (You can find these standards – and others – at Then someone has to physically use the standards to put something into place that will actually do the exchange in accordance with the standard. Implementation of the standard is, by any point of view, the last mile and often the hardest to make happen.”
  • Dave Birch: A calibrated approach to mobile payments
    “Indeed. It is very important to understand the essence of this proposition: regulate mobile payments lightly and allow non-banks to provide them, regulate mobile banking tightly and restrict it the activity to banks.”
  • Contactless NFC/EMV Strategies Get Easier
    “Under the category of a rising tide lifts all boats, standards-making organizations EMVCo and NFC Forum announced their intention to synchronize their efforts to build out EMV/NFC use cases.
    State Rep. Accepts Bitcoin Donations
    “BitInstant, which is an exchange that helps consumers who use Bitcoin transfers, two weeks ago announced it soon would launch a prepaid debit MasterCard. And now a State Rep. in New Hampshire is bringing Bitcoin more into the mainstream and is enabling political donations using the currency. “
    [Live free or die.]


* Required Fields