How are your Facebook, Zynga, and Groupon investments doing? Don’t look back, look forward. Maybe take a tip from Dan Lyons, Editor-in-Chief of ReadWrite. Liquidate and invest in companies that have long-term value, eh? (This is not investment advice, just an observation.)

  • Dan Lyons: 2013: The Year When Things Get Real Again
    “I’ve been thinking about it this way: 2013 is the year when things get real again. By real I mean we’re going to be focusing on real companies that make real products that cost real money and get bought and used by other real companies. Not those crappy, kooky, consumer-focused startups that can’t raise any more money. I’m talking about companies whose products involve real engineering, stuff that goes beyond what three kids can do in a weekend on a startup bus on their way to SXSW.”

There were several other items of interest to the identity community:


  • Andreas Leicher: 2012 in Identity Management
    “I will not cover everything because too much is going on, but I will rather try to highlight some events that most of the people active in the Identity Management ecosystem and community are likely to remember.”
  • Anil John: How WAYF implements informed consent for attribute release without storing PII
    “A series of blog posts on the IDMGOV Blog (Part 1, Part 2, Part 3) discussed the data minimization principles of anonymity, unlinkability and unobservability and their relationship to identity federation, walked through a proxy architecture that provides those principles in a federated authentication system, and discussed how the need for verified attributes for user enrollment affected the data minimization principles. In this blog post, I would like to discuss an alternate flow that eliminates the need to maintain identifier mappings at the proxy, and how consent for attribute release can be implemented without storing personal data.”
  • Travis Spencer: BYOD in Sweden, Scandinavia & Europe
    “I was discussing this topic with a group of friends at a recent Christmas party. To my surprise, one of them who has been working in the Swedish IT industry for years had never heard of BYOD. This got me to thinking: How widespread is BYOD adoption in Sweden, Scandinavia, and Europe? From the one Noel party, it seemed to be lagging, but that's a single data point. After looking around for others, I thought I'd share my findings.”
  • Anil John: A Model for Separating Token and Attribute Manager Functions
    “Some time ago I attended an event at which some members of the Kantara Initiative Identity Assurance Working Group presented "an approach to separating credential provision functions from identity attribute functions" (PDF). I've given this a bit of thought and, using their work as a starting point, modified it to incorporate terminology consistent with the NIST Electronic Authentication Guideline (SP 800-63-1).”
  • Vittorio Bertocci: OAuth 2.0 and Sign-In
    “I dread it, because the question in itself is an indication that the asker uses “OAuth 2.0” in its conversational meaning, as opposed to referring to the actual specification and all that entails. For the non-initiated, the term “OAuth” has come to be a catch-all term that expresses intentions and beliefs about what one “authentication protocol” should be and do, rather than what it actually does (and how). Therefore, the answer will have to include lots of context-setting and myth-debunking; in fact, the entirety of the answer is context setting, as once the asker knows how OAuth 2.0 really works the question becomes a non-sequitur.”
  • Dave Kearns: Fast away the old year passes
    “Each year there are a couple of technologies, catch phrases, acronyms or abbreviations that catch the fancy of the non-technical press and become the “IT buzz words” of the year. Those of us in technology try to do our best to either explain what the buzz words really mean or throw up our hands and nod whenever they are uttered. For example, in 2011 “Cloud computing” was such a buzz phrase. In 2012, there were two related buzz abbreviations I want to talk about – BYOD (Bring Your Own Device) and MDM (Mobile Device Management).”
    “It's true: Static shared secrets are sitting ducks. But passwords are too useful to go away entirely, both because it's handy to be able to synchronize authenticator data between cooperating systems (and people), and because people find using passwords to be less invasive, fiddly, or personally identifying than a lot of other options. So I don't buy the whole "the era of passwords is over" thing. They will be at least one important element of authentication strategies for the foreseeable future -- it's a rare multi-factor authentication strategy that doesn't include a password or PIN somewhere along the line as one of the "things you know."”
  • Robert Lemos: Targeted Attacks, Weak Passwords Top IT Security Risks in 2013
    “The biggest security threats to companies in 2013 will depend on who is attacking the business: Opportunistic criminals will continue scanning for accounts with default or weak passwords, while targeted attackers will refine their attempts to fool employees, business services firm Verizon and security software firm McAfee stated in separate reports.”
  • Ellen Messmer: Gartner: Cloud computing, mobile ushering in "major shift" for enterprise security practices
    “Gartner Thursday held forth on what it expects to be the top security trends for 2013, citing the rise of cloud computing, social media and employees bringing their own devices to work as among the forces likely to produce radical changes in how enterprises manage IT security. The market research firm also says the "major shift" expected in IT security in 2013 will shake up established IT security vendors as newer players in cloud and mobile challenge them.”
  • Clint Fuhrman: Identity Management: A New Way to Fight Health Care Fraud, Waste and Abuse
    “The answer is a robust identity proofing management. Government agencies must invest in identity verification and authentication at the front-end of benefit administration. The right identity-proofing strategy must be anchored by robust master data management and rules-based solutions, as well as comprehensive identity management. This type of rigorous identity management involves two processes:”

Cloud Computing

  • Drummond Reed: KRL and XDI: Digital Chocolate and Peanut Butter
    “As I read each of these points, every place I see the term “PDO” I read “XDI graph”. XDI is a way to have universal interoperability and portability of PDOs. (This doesn’t mean that every PDO must use XDI, just that XDI is a way to have widely interoperable PDOs.)”

Valuable Identity

