Mozilla released a beta of their consumer identity system, called Persona.  Using an email address as a persistent identifier, Persona aims to be simpler and more ubiquitous than OpenID.

There were several other items of interest to the identity community:


  • Mydex: On personal data as in other areas: woolly thinking is dangerous
    “In the world Sandy is talking about it’s impossible for individuals to know how their data is going to be used, for what purposes, so they cannot give meaningful permission and exert meaningful control. Clearly the data protection position differs and is evolving both in the EU and US. And it’s not just the rights we need, but enforcement. But as well as regional data protection rights we foresee legally enforceable data contracts between individuals and organizations that use their data, which will benefit individuals and organisations alike.”
  • Martin Kuppinger: Security by obfuscation
    “The reaction to the security alert for Windows Explorer recently revealed an interesting phenomenon: Many people believe in security by obfuscation. I alerted some people when I first saw the news concerning that security issue. Some reacted by saying: “I like my Apple iBook” or “I’ve used other browsers for a long time”. No doubt, these people are not affected by that Internet Explorer security issue. But the underlying message in these comments is about “security by obfuscation”.”
  • Dave Kearns: In search of privacy
    “What is privacy, and how important is it? Ayn Rand, in The Fountainhead, said: “Civilization is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.” While Isaac Asimov (in Foundation’s Edge) has one character say: “It seems to me, Golan, that the advance of civilization is nothing but an exercise in the limiting of privacy.””
  • Ian Yip: Sharing your Dropbox files via Facebook makes them public
    “Dropbox just announced a partnership with Facebook that allows you to share your Dropbox files with fellow Facebook Group members. If you read through the comments on Dropbox's post, the reactions are mixed, with some stating they will stop using Dropbox altogether. Many of the negative reactions look to be due to issues with Facebook's track record and disregard towards privacy.”
  • Ian Glazer: The Newest Member of Our Team: Heidi Wachs
    “As I mentioned at Catalyst, the Identity and Privacy Strategies team is growing. I am excited to announce that Heidi Wachs has joined the team effective yesterday.  Heidi joins from Georgetown University where she was the University Chief Privacy Officer and Director of IT Policy.  At Georgetown, Heidi worked to establish and manage University-wide data privacy initiatives for information technology operations and data breach response.  Heidi has an extensive knowledge of the higher education market: in addition to Georgetown, Heidi has worked with EDUCAUSE helping to establish policies and practices. Obviously, Heidi will be covering privacy with me, but we are also going to turn her into an identity geek as well.”
  • Eve Maler: Enterprise “Overextended”? You Need To Evolve Your Identity Strategy
    “We at Forrester have been promulgating a Zero Trust Model of information security. It eliminates the idea of distinct trusted internal networks versus untrusted external networks, and requires security pros to verify and secure all resources, limit and strictly enforce access control, and inspect and log all network traffic. Zero Trust applies effectively to identity as well. It requires security and identity pros to: 1) center on sensitive applications and data; 2) unify treatment of access channels, populations, and hosting models; and 3) prepare for interactions at Internet scale. Moving toward Zero Trust identity not only helps you improve business agility and achieve compliance – it even helps you enhance customer experience and deliver on your org’s API monetization strategy.”


  • Anil John: How To Collect and Deliver Attributes to a Relying Party for User Enrollment
    “In order for user enrollment to work at a Relying Party (RP) it needs a shared private piece of data that represents a claim of identity (e.g. SSN, Drivers License #) and a set of information that can be used to prove the claim. The manner in which the RP obtains the latter depends to a great degree on the identity verification model that is used. This blog post describes the steps and considerations regarding attribute movement for the purpose of user enrollment.”


  • European Identity & Cloud Conference 2013 Preview
    “European Identity & Cloud Conference 2013, taking place May 14 – 17, 2013 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany, offers the most valuable platform in Europe to position your company as a key player in the game changing marketplace for solutions and services in the fields of Cloud Computing, Identity Management, Information Security and GRC.”


  • Leif Bildov: Do You Need MBaaS to be a Mobile Bad Ass Developer?
    “Simple answer: no. But if you’re a developer building the next great consumer app in a hurry, it probably won’t hurt. MBaaS (“mobile backend as a service”) solves some pretty prickly problems for the start-up developer. “
  • Kevin Swiber: Punk Rock and Web API Styles: Differentiate and Accept
    “Mainstream culture and subculture have a give-and-take relationship. Strong opinions are formed on both sides as cultural ideas shift between the underground and the commonplace. Let's explore this as it pertains to Web APIs, but first, we'll illustrate this pattern with a more popular example: punk music.”

Cloud Computing

  • Simow Wardley: A dangerous intervention …
    “A few years ago, I warned about the dangers of Government intervention and creation of certified cloud providers. After reading the EC communication on Cloud Computing, my concerns are that we will start on this path.”
  • Cloud Security As A Service Working Group Wraps Implementation Guidance
    “The Cloud Security Alliance (CSA) today announced that its Security as a Service (SecaaS) Working Group has completed its peer review process and has published implementation guidance documents expanding upon their “Defined Categories of Service" document that was first made available in August of 2011. The Working Group’s Implementation Guidance now includes peer-reviewed documentation for each of the ten service categories that were defined in the previous version.”
  • Inside Facebook's lab: A mission to make hardware open source
    “A look behind the scenes of Facebook's hardware lab, the spiritual home of the Open Compute datacentre hardware movement, which may radically change the type of IT enterprises use, and who they buy it from.”


  • With Twilio's help, AT&T opens up SMS, voice to developers
    “AT&T is launching a new program called Advanced Communication Suite which not only resells Twilio-powered cloud communications apps but lets more-savvy businesses tap into its voice and SMS APIs. What’s more, given Twilio’s broad reach, AT&T may overcome the problem of cross-carrier fragmentation”

Valuable Identity

  • John Fontana: Visionary pushing Canada toward cloud, identity future
    The Canadian government plans to release a digital economy strategy by the end of the year, and one observer is gunning to use the milestone as a trigger for building a cloud computing industry secured by a standards-based identity infrastructure.”
  • Craig Burton: NSTIC Update
    “National Institute of Standards and Technology awards $9M to support trusted identity initiative”
  • Dave Kearns: Will NSTIC stick it to us?
    “I'm a member of the Identity Ecosystem Steering Group (IdESG) also set up by NIST to help create a trust framework for NSTIC. Many of the members of IdESG were surprised that the pilot projects were to be started before we had defined a framework. Even more, they were thunderstruck that there was no requirement for IdESG to oversee or contribute to the pilots. “
  • Dave Birch: Who wants low-cost bank accounts?
    “If bank accounts aren't the solution, then what is? In recent times, the prepaid card has become the main alternative to a bank account and, indeed, for the majority of unbanked and overbanked people, prepaid card products are a decent alternative.”
  • Binary Blogger: The Retailer Authentication Conundrum
    “I am going to focus this post primarily on retail transactions although the problem of identification of an individual is rampant all over this country. Tens of BILLIONS of dollars are lost every year to credit and debit card fraud. Yet the major card companies, MasterCard and Visa, are doing very little to force change. Perhaps insurance write offs are far less expensive than leading the industry to solve this problem. However, it's not the card company's fault entirely, the retailers themselves are mostly to blame for allowing fraudulent card use to happen in the first place. “
  • Bank of America testing QR Code scanning mobile payment system in North Carolina
    “Mobile payment is still a bit of a wild west at the moment, and seemingly every technological and financial institution has a dog in this fight. Bank of America's not going to just sit idly by and watch it all unfold. The U.S.'s second largest bank has flirted with NFC in the past and is currently doing trials with QR scanning in Charlotte, North Carolina, where it's based. At present, five sellers in the area are taking part in the pilot program, with bank employees given access to the technology. The three-month trial is the result of a partnership with mobile payment company Paydiant, is compatible with Android handsets and iPhones, no NFC needed, naturally.”


* Required Fields