Bob Blakley first articulated the idea of an identity oracle. Rather than providing attributes, the oracle answers a question. This makes monetization of an identity provider possible and avoids stale attribute mappings. Anil John from the ICAM project explores how to implement an oracle.

  • Anil John: How To Implement the Technical Aspects of an Identity Oracle
    “In the age of attributes, personal data, and data brokers, the concept of Identity Oracles and how they can help to mediate between diverse entities is something worthwhile to consider. This blog post provides a short introduction to the Identity Oracle concept and discusses the work FICAM is starting in order to address the technical intersection of Identity Oracles and Attribute Providers via a new Backend Attribute Exchange (BAE) Protocol Profile.”

There were other items of interest to the identity community:


  • xkcd: Identity
    Another fabulous xkcd comic
  • Eve Maler: Identify And Influence Identity Stakeholders
    “This report outlines the stakeholder needs of the Identity And Access Management playbook. Forrester has identified lack of IT executive buy-in and attention as a chronic issue in projects related to identity and access management (IAM). Who are the parties with a stake in the success — or failure — of these projects? How can you as an IAM professional work with all of these stakeholders appropriately to plan and execute IAM projects, so that you can measure the result in units of utility rather than futility? And how can you contribute to projects led by others that impact your identity and access strategy? This report breaks down the roles, responsibilities, and communication and collaboration must-dos for those who initiate and manage IAM change.”
  • NIST: SHA-3 Winner
    “NIST announced Keccak as the winner of the SHA-3 Cryptographic Hash Algorithm Competition and the new SHA-3 hash algorithm in a press release issued on October 2, 2012.”
  • John Fontana: ID spec's approval opens enterprise path to secure mobile, cloud
    “The Internet’s emerging identity era showed a peek at its enterprise future last week standardizing two simple, extendable and effective protocols poised to help define access control going forward.”
  • Nat Sakimura: More on the privacy enhancement project (now PEOFIAMP)
    “When I wrote the previous post (US$1.5M project to bolster the privacy and security of the cyberspace), the English name of the project was not yet determined. Now we have one.”
  • Mark Rausch: FTC Slaps Down Retail Use Of Tracking Software
    “In a case that has potentially significant consequences for NFC and RFID applications, the U.S. Federal Trade Commission is cracking down on so-called “phone home” technologies being used by computer rental companies to monitor consumer behavior.“
  • Chris Maher: A Call to Conscience
    “If NIST is committed to championing standards-based technologies to protect our government’s most sensitive systems and our nation’s critical information infrastructure, then it is time for it to recognize the foundation for interoperability, security automation, and, ultimately, cyber situational awareness… is a standards-based hardware root of trust, i.e., the Trusted Platform Module. “



  • Joseph Puopolo: Why You Shouldn’t Build A Business On An API Call
    “The risk is clear, if the data dries up so does your business. For all that have created apps based largely on API calls, consider what would happen if that information fire hose wasn’t there anymore. The companies who provide these APIs may not disappear, but it will definitely be a game-changer. The changes to Twitter’s API should serve as a warning sign and an important reminder.”

Cloud Computing

  • Dale Olds: Turtles all the way down
    “On the identity team we’ve been working to evolve Cloud Foundry’s user authentication and authorization system into a full suite of identity services — open source and built on open standards. We’ve built some cool stuff. We are now starting to publicize what we’ve built and more actively engage with the community.”
  • CloudStack strikes back in the battle of open-source clouds
    “In case you’ve forgotten in the face of so much OpenStack news this week, there’s more than one open-source cloud in town. And, Citrix-backed CloudStack gained some key vendor support with Cisco and CA signing onto the effort this week. “


  • Martin Kuppinger: BYOD: Just a symptom of a bigger evolution. Don’t worry about BYOD – solve the challenges of the Computing Troika
    “Even worse, solving BYOD challenges is not what you should really care about. BYOD is just a symptom of a far bigger evolution. This evolution is about what my colleague Craig Burton just recently called “The Computing Troika” – the three major changes we are facing: Cloud Computing, Mobile Computing, Social Computing. This is about new delivery models for IT. It is about users using new types of devices (and more of them) inside and outside the corporate network. It is about opening up our communication for more external users, including our customers, leads, prospects, and so on. And it’s about communicating with them in a different way.”

Valuable Identity

  • NSTIC: Jeremy Grant: Baby Steps and Big Leaps
    “This week marks two months since the Identity Ecosystem Steering Group (IDESG) first convened in Chicago. “
  • VanRoekel: Agencies to adopt NSTIC
    “The Office of Management and Budget wants agencies to adopt the National Strategy for Trusted Identities in Cyberspace, or NSTIC, to enable shared, citizen identity management across government.“
  • Episode 102: Driver licenses and Internet IDs
    “Regarding ID’s Gina Jordan spoke with Geoff Slagle, director of identity management at the American Association of Motor Vehicle Administrators about the pilot. AAMVA will lead a group of private industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative.”
  • Visa Fills Out Its V.Me Digital Wallet Strategy: Signs PNC As First Bank Partner; Adds 1-800-Flowers To Retailer List
    “Visa is gunning against MasterCard’s PayPass, PayPal, Square and others to become consumers’ default digital wallet for online and mobile payments, and today it’s announcing two pieces of news in that strategy: it is adding PNC as its first U.S. banking partner, and 1-800-FLOWERS as a key retailer, to its digital wallet scheme.”
  • Italian Postal System to Adopt NFC Payments
    “Following announcements by Italian banks in recent weeks of impending widespread NFC deployment in Italy in early 2013, the Italian postal system has made its intentions clear of becoming NFC friendly towards the end of next year. “


* Required Fields