Event data recorders in cars are another example of how this is not black and white: there has to be a balance between information and privacy, and the crucial question is who controls the information.

  • John Fontana: Auto groups move to ensure cars don't fuel privacy violations
    “Last week, the Department of Transportation (DOT) proposed a requirement that all vehicles built after September 1, 2014 include event data recorders (EDR) known more commonly as black boxes. The AAA, formerly known as the American Automobile Association, isn't against EDRs, but it is insisting Congress act to protect the privacy of motorists.”

There were several other interesting items for the identity community from last week:
  • Zeus botnet steals $47M from European bank customers
    “New variant dubbed "Eurograbber" intercepts bank text messages sent to mobile phones to defeat two-factor authentication process.”
  • Jim McDonald: The Active Directory-Centric IAM Strategy
    “We encourage organizations to leverage their investment in AD. Especially now, using AD as an authentication for enterprise applications is an inexpensive way to externalize identity from the application. However, this is not a complete solution.”
  • G&D enables mobile phones to check banknote authenticity
    “German smartcard and security printing group Giesecke & Devrient has developed a security feature called MAGnite that allows mobile phone users to verify banknote authenticity. The system uses interaction between special colour pigments and magnets such as those used in mobile phone speakers. The colour pigments align along the magnetic field lines when the note is placed over a magnet and make the feature visible through a high-contrast change of the image on the note.”
  • New Council for Identity Protection to examine online identity issues
    “The founding board members of the group are Stephon Coggeshall, CTO of ID Analytics, a LifeLock subsidiary; Ori Eisen, founder and chairman of The 41st Parameter; Chris Jay Hoofnagle, director of the Berkeley Center for Law & Technology’s information privacy programs and senior fellow to the Samuelson Law, Technology & Public Policy Clinic; Dr. Markus Jakobsson, principal scientist of consumer security at PayPal; Kevin Mitnick, author of several books on computer security and fraud; and David Montague, founder and president of The Fraud Practice.”
  • Life, Identity, and Everything
    “Tim Bray is the Developer Advocate, and Breno de Madeiros is the tech lead, in the group at Google that does authentication and authorization APIs; specifically, those involving OAuth and OpenID. Breno also has his name on the front of a few of the OAuth RFCs. We’re going to talk for a VERY few (less than 10) minutes on why OAuth is a good idea, and a couple of things we’re working on right now to help do away with passwords. After that, ask us anything.”
  • Susan Zhang: Tag Archives: federated identity management
    “Now that I’ve gotten all my official results from my master’s degree, I thought it was about time I made a little post about the research project I slaved and suffered so much for over the summer. If you’d like to read the whole thing, download it here. Or read the abstract:”
  • Gunnar Peterson: The Most Important IAM Question: Who Does This?
    “IAM projects get so wound up around tooling and processes that critical organizational questions go unanswered”
  • Nat Sakimura: [OAuth] Resource Owner != Client User
    “I have been preaching this numerous times, but let me do it once more. There seems to be a very common misperception that in OAuth the Resource Owner (the entity who gives permission for the resource access, aka “authorization”) and the client user at the resource access time are the same. It is plainly wrong.”
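The distinction above is easy to get wrong in a resource server, so here is an added example (not from Nat Sakimura's post, and not code from any real OAuth implementation) that makes it concrete. The token records the resource owner who granted access; when the client later presents the token, the resource server must derive whose data is being accessed from the token, not from whoever is driving the client at that moment. The user names, client id, scope name, the in-memory stores and the simplified introspection model are all constructed for this example.

```python
"""Added example: an OAuth resource server that takes the resource owner from
the token, never from the client's claim about its current user.

Names (alice, bob, backup-app, profile:read) and the in-memory stores are
constructed for this example; introspection is a simplified stand-in for a
real introspection endpoint."""

import secrets


class AuthorizationServer:
    """Issues bearer tokens bound to the resource owner who granted the access."""

    def __init__(self):
        self._tokens = {}

    def issue_token(self, resource_owner, client_id, scope):
        # The grant step: the resource owner consents and the token is bound to them.
        token = secrets.token_urlsafe(24)
        self._tokens[token] = {
            "active": True,
            "sub": resource_owner,      # the resource owner, fixed at grant time
            "client_id": client_id,
            "scope": frozenset(scope),
        }
        return token

    def introspect(self, token):
        # Unknown tokens are reported as inactive rather than raising.
        return self._tokens.get(token, {"active": False})


class ResourceServer:
    """Holds per-owner profiles and authorizes requests using the token alone."""

    def __init__(self, auth_server, profiles):
        self._as = auth_server
        self._profiles = profiles

    def get_profile_correct(self, token, *_ignored_client_claims):
        info = self._as.introspect(token)
        if not info.get("active") or "profile:read" not in info["scope"]:
            return (403, None)
        # The resource owner comes from the token; whoever is using the
        # client at access time (or nobody, for an unattended job) is irrelevant.
        return (200, self._profiles.get(info["sub"]))

    def get_profile_broken(self, token, claimed_user):
        # Anti-pattern: conflates the client's current user with the resource
        # owner and lets a client-supplied value select the resource.
        info = self._as.introspect(token)
        if not info.get("active") or "profile:read" not in info["scope"]:
            return (403, None)
        return (200, self._profiles.get(claimed_user))


def demo():
    """Alice authorizes a client; later Bob (or no user at all) operates that client."""
    auth = AuthorizationServer()
    rs = ResourceServer(auth, {"alice": {"email": "alice@example.test"},
                               "bob": {"email": "bob@example.test"}})
    token = auth.issue_token("alice", "backup-app", ["profile:read"])
    # Bob drives the client and claims to be "bob": the correct server still
    # returns Alice's profile, the broken one hands over Bob's.
    correct = rs.get_profile_correct(token, "bob")
    broken = rs.get_profile_broken(token, "bob")
    # A batch job with no interactive user still acts for the resource owner.
    unattended = rs.get_profile_correct(token, None)
    # A token the authorization server never issued is refused.
    refused = rs.get_profile_correct("not-a-token")
    return correct, broken, unattended, refused


if __name__ == "__main__":
    for label, result in zip(("correct", "broken", "unattended", "refused"), demo()):
        print(label, result)
```

The practical check this suggests: any authorization decision or data lookup in a resource server should be keyed on claims carried by (or introspected from) the token; a user identifier supplied by the client alongside the token is at best a hint and must never select the resource.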
  • Mike Amundsen: Three Common Web Architecture Styles
    “Architectural styles set the tone for how components in a system interact, govern the implementation details and establish lines of responsibility and maintenance over time. Setting the style early on and communicating it to the team ahead of time goes a long way toward creating a stable and successful implementation. To help clients get a handle on this topic, I commonly identify three widely varying styles for Web solutions that people can easily recognize: Tunneling, Objects and Hypermedia.”
  • Apigee: Helen Whelan: Essential API Facade Patterns: One Phase to Two Phase Conversion (video & slides)
    “In part 3 of our series, @Santanu_Dey explored One Phase to Two Phase Conversion - or how to expose a single phase API out of a two phase API. This pattern and the conversation in the webcast focuses on exposing an API for easy consumption by app developers.”

Cloud Computing

  • Filiberto Selvas: From Personal Computers to Personal Clouds
    “Now take this basic concept and extend it to other use case scenarios: price changes, scheduling conflicts, simple task requests, restaurant reservations, group and individual notifications, instrumentation of our daily health feeding data to our Doctor, status of our prescriptions, re-stocking of our pantries, etc. Clearly there is incredible value for the individual and great opportunities for companies to deliver values if we had Personal Clouds available to us.”
  • Drummond Reed: The Difference Between a Personal Cloud and a Personal Data Vault
    “So I’m updating the diagram I posted in August just to make sure it’s still clear: a personal cloud is to a personal data vault what a personal computer is to a file system.”
  • EMC follows VMware, rest of world into OpenStack
    “The news was posted to a blog by EMC global marketing CTO Chuck Hollis late Tuesday. Hollis wrote that OpenStack, like Linux before it, has “matured into a serious enterprise operating environment” and “the OpenStack Foundation is the key industry nexus point for the evolution of a growing number of different-flavored distributions and editions.””
