Salesforce announced last week that they are offering a full-blown, corporate identity management system hosted in the cloud, based on standards. My colleague, John Fontana, has an excellent analysis of the implications of this.

Additional articles are available from Salesforce’s identity wizard, Chuck Mortimore, Gartner’s Ian Glazer, KuppingerCole’s Craig Burton and Forrester’s Eve Maler. For these and other items of interest to the identity community, read on.


  • Salesforce: Chuck Mortimore: Introducing Salesforce Identity
    “Today, we process over 7 Billion logins a year on behalf of 100,000+ customers. And, after years of establishing identity as an integral part of our platform, we’re extending the same trust, ease of use, and simple administration to third-party clouds and applications with the introduction of Salesforce Identity.”
  • Ian Glazer: A glimpse of the future: Salesforce Identity
    “You’re likely asking, “Federation and user provisioning – how is that a glimpse of the future?” Taken in isolation, you are right; federation and user provisioning aren’t futuristic or anything special to crow about. But the crucial thing to note is that isn’t thinking about identity in isolation, and isn’t deploying identity in isolation. isn’t offering identity by itself but instead offering identity within the context of PaaS, delivered, managed, and licensed as such.”
  • Craig Burton: Salesforce Identity
    “When I first heard of Salesforce’s Identity announcements this week at Dreamforce, I was reminded of the old joke “Q: Where does a 500lb. gorilla sit? A: Anywhere he wants.””
  • Eve Maler: Cloud-Native Identity Management Is Suddenly Looking Like A Winner
    “Two even newer cool examples of a cloud changeup in identity storage and management: On September 5, Okta announced a partnership with Workday that enables it to offer employee identity management as a cloud-native proposition. And today, announced what looks to be an insanely comprehensive V1 of a cloud-native IM+AM offering, with provisioning workflow and reporting options that leverage the increasingly mature Salesforce Platform. Other service providers we consider to be cloud IAM dark horses, given these recent moves: Google, Intuit, and Amazon. Here’s what we at Forrester think this all means:”
  • InCommon: Thomas Scavo: Attribute-based Policy Configuration at Scale
    “Today administrators of identity provider (IdP) middleware in the InCommon Federation configure attribute release policy based on the identity (entityID) of service providers (SPs). I’m happy to say those days are numbered. A new approach to user attribute release based on entity attributes has arrived. This new technique promises to scale better, by relieving administrators from the burden of having to rely on policy files that are inherently difficult to maintain.”
  • Andreas Solberg: Announcing UNINETT WebApp Park
    “I’ve spent a few months working on a prototype of UNINETT WebApp Park. The UNINETT WebApp Park is a simple, scalable, efficient and secure ecosystem for rapid development of modern web applications for higher education. I’ve created a 20-minute walk-through video of the prototype. This is just the beginning, and I’ve got a bunch of ideas of further work on the platform. If you take the time to watch it, I'd really appreciate it, thanks!”
  • Ian Yip: Do security like a start-up or get fired - Identity: Identity is the foundation
    “It's not that saying "Identity is the new perimeter" is wrong. I don't disagree with it fundamentally as a concept. But using the term "perimeter" keeps one foot in the past in terms of holding on to the concept of there being one. It isn't there, people. At least not in the traditional sense of there being a virtual barrier keeping the bad guys out.”
  • Craig Burton: SAML is Dead! Long Live SAML!
    “Answers to the unanswered questions from the webinar. Last Friday on Sept. 14, Pamela Dingle—Sr. Technical Architect from Ping Identity Corp.—and I conducted a free webinar about the much ballyhooed demise of SAML.”
  • Dazza Greenwood: Summer Project Demo: OAuth Login With OneCard via NFC
    “Below is a rough cut of a much longer video (being edited now), demonstrating the MIT Media Lab Proof of Concept for OpenID Connect (just OAuth for this first go) on a “OneCard” via NFC… Basically this means you can log into a website, mobile app or other online service by waving a card near your phone or other RFID reader…”



  • OASIS: Register for complimentary KMIP and SAML Webinars - 25 September 2012
    “OASIS is pleased to announce two new security related webinars that will occur on Tuesday, 25 September 2012.
    1. The 'Addressing the New Complexities in Key Management Interoperability: KMIP V. Next' Webinar
    2. The 'SAML -- Right Here, Right Now' Webinar”
  • IDESG and NSTIC Roundtable in Seattle October 4
    “The Identity Ecosystem Steering Group (IDESG, or Steering Group) will hold an IDESG/NSTIC roundtable in the Seattle area October 4. Because the continued success of the IDESG depends on the active involvement and leadership of the private sector, the Oct. 4 roundtable will kick off a series of regional events designed to engage companies, organizations, and individuals interested in the work of the IDESG and NSTIC, but unable to attend recent Steering Group meetings in Chicago and on the East Coast.”
  • Travis Spencer: At Upcoming Cloud, Mobile and Identity Events in Holland
    “We are heading down to the Netherlands next month and again in November for some really exciting events. First, we'll be at the Broadband World Forum in Amsterdam and then at IDentity.Next in the Hague.”
  • OpenID Connect Technology Meeting, Oct 22, 2012
    “The OpenID Foundation
    Monday, October 22, 2012 from 11:30 AM to 5:00 PM (PDT)
    Mountain View, CA”


  • Craig Burton: Identity in a Post-PC Era
    “The KuppingerCole API Axioms
    Everyone and everything will be API-enabled
    The API Ecosystem is core to any cloud strategy
    Baking core competency in an API-set is an economic imperative
    Enterprise inside-out
    Enterprise outside-in”

Cloud Computing

  • Chris Hoff: Cloud Service Providers and the Dual Stack Dilemma
    “Many of these CSPs have instantiated dual cloud stacks. Originally VMware (vSphere or vCloud Director) for their “enterprise” customers and then additionally one of the *stack offers for their “non-enterprise” customers…or those that seek low cost as a driving function. But the logic behind dual stacks is changing…”
  • OpenStack gets Real
    “After a sometimes contentious incubation period, the OpenStack Foundation is now official, with a new 24-member board chaired by SUSE exec and Linux Foundation director Alan Clark; 5,600 members; and $10 million in backer’s funding. Rackspace’s Jonathan Bryce, who did a lot of the heavy lifting moving OpenStack along, is executive director. The news comes after a few weeks of dramatic back-and-forth discussion (surfacing on Twitter) about who should be voted in and how public that process should be.”
  • Phil Windley: Where Does the CloudOS Run?
    “While the natural answer to 'where does the CloudOS run?' is 'in the cloud, silly!', the real answer is a little more nuanced. Whereas the implementation of the CloudOS closely mirrors the architecture of a traditional OS kernel, personal clouds are deployed in a manner that is very much in line with the architecture of the Web: decentralized and open.”



  • Azigo takes email advertisements and puts them into a beautiful stream instead of your inbox
    “Azigo is trying to solve what it calls “the paradox of commercial email”. It’s like having a private party where everyone with your address can show up uninvited. It’s not that you don’t want to see those people, but you want to do so on your own terms. So Azigo is giving you a “commercial” email address and then placing those emails into a Pinterest-style display for your browsing pleasure.”
  • Mydex: Data and information sovereignty is the next big consumer issue – Demos
    “Demos has a new paper out called The Data Dialogue, by Jamie Bartlett. “The Populus survey suggests that people share an increasing amount of information about themselves – and expect to share even more in the future. However, there is a crisis of confidence: the public is uncomfortable about the way personal information and behavioural data are collected by government and commercial companies. There is a danger that this loss of confidence will lead to people sharing less information and data, which would have detrimental results for individuals, companies and the economy. The solution is to ensure individuals have more control over what, when and how they share information.””
  • Doc Searls: Browsers should have been cars. Instead they’re shopping carts.
    “I think what’s happened in recent years is that users searching for stuff have been stampeded by sellers searching for users. I know Googlers will bristle at that characterization, but that’s what it appears to have become, way too much of the time.”
  • Ed Bott: Why Do Not Track is worse than a miserable failure
    “Two big associations, the Interactive Advertising Bureau and the Digital Advertising Alliance, represent 90% of advertisers. Downey says those big groups have devised their own interpretation of Do Not Track. When the servers controlled by those big companies encounter a DNT=1 header, says Downey, "They have said they will stop serving targeted ads but will still collect and store and monetize data.””

Valuable Identity

  • John Fontana: NSTIC launches pilot programs with $9 million in grants
    “The National Institute of Standards and Technology (NIST) Thursday committed $9 million to five pilot programs that mark the first efforts to turn into reality the goals of the 17-month-old National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative.”
    [NIST: Five Pilot Projects Receive Grants to Promote Online Security and Privacy]
  • Anil John: Attributes Anytime, Anywhere. Extending BAE to Support New Protocols
    “The Backend Attribute Exchange (BAE) Capability implements a pure Attribute Provider and, by deliberate design, does not provide any authentication functionality. The current technical implementation of the BAE supports a secure FICAM Profile of SAML 2.0 Assertion Query and Response (PDF) which is bound to SOAP. In this blog post, and as a thought exercise, I am going to walk through some of the approaches, considerations and use cases in how we could extend the BAE to support additional protocols for attribute exchange.”
  • Gemalto: Michael Magrath: Multi-Factor Authentication on the Way for Healthcare
    “This week, I am the bearer of good news – it looks like multi-factor authentication is going to be a mandatory requirement in the US healthcare system.”
  • Dave Birch: Wallets, mobile wallets and hyper wallets
    “Well, I think we're moving beyond the opening shots of the "wallet wars". There seems to be coalescing opinion that mobile payments by themselves are unlikely to generate the kind of revenues that get big organisations excited and that payments are merely table stakes in a much bigger game. This bigger game is about access to, and indeed control of, transactional data. So the payments have to be wrapped up in a bundle that will be attractive to the stakeholders, and attractive enough to manage lots of different kinds of transactions.”
  • EMV Battle Impacts Mobile Payments
    “Most of everyone knows of the EMV efforts in the US, with Visa implementing a liability shift on October 1, 2015. In this model, any merchant that is presented with a chip and pin card, but is not capable of processing it (as an EMV), will bear fraud loss. There have been very BIG swings in strategy over the last 6-8 months. The big issuers were all dead set against EMV.. saying they could not afford the cost to re-issue. Now all are on board… why? This is what I’m thinking about today…”
  • MasterCard launches mobile PayPass SDK
    “MasterCard has released a toolkit to help developers build Android and BlackBerry apps using its PayPass contactless technology”
    [iPhones don’t support NFC yet so the kit won’t work there.]

