Ping has been operating an ultra-high availability data center for our on-demand identity service, PingOne, for about four years. One of the key reasons that we have been able to achieve such high uptimes and high performance is Beau Christensen, lead site reliability engineer, and the team he has assembled. Here he shares some of his secret sauce for monitoring:
- Beau Christensen: 5 Layers of the Monitoring Stack
"In a perfect post #monitoringsucks world, operations teams would have a single magical tool that would provide capacity planning, self healing, trending information, system alerts, and application monitoring across your entire infrastructure. In reality, Infrastructure Operations has to make a choice between forcing a single monitoring system into multiple roles or choosing a best of breed solution for each component of the system. At Ping, we've chosen the latter."
There were several other items of interest to the identity community:
General
- John Fontana: Kill, fix, advance: Identity stakes out an evolution
"Authentication, trust, and the cloud emerge as pressing issues for identity's evolution, according to the RSA Conference panel." - Google's Vint Cerf talks identifiers vs. pseudonyms online
"Google's chief Internet evangelist discusses the importance of strong authentication across all connected devices at RSA 2013."
[Strong Authentication and Pseudonymity on the Internet - Vint Cerf - RSA Conference US 2013 Keynote] - John Fontana: Big data brings intelligence-based security, RSA chief says
"Security architectures will gain smarts by analyzing zettabytes of data." - Beyond User Names and Passwords: Meet the NSTIC Pilots at RSA
"The five NSTIC pilots are deploying innovative approaches to online identity management in financial services, retail, health, and education. Each is piloting secure, privacy-enhancing, and usable technologies that go beyond usernames and passwords to ensure trust, confidence, and ease-of-use. Brief descriptions of the pilots are below, highlighting the security technology component of each, along with contact information here at RSA. " - Fraud in Digital Goods Sales 201 (Signifyd post)
"Fraud in digital goods is a real problem, but a solvable one. Don't let the threat of lost money shut down your business and drive you to blocking whole countries from your system."
[An example of using recognition instead of authentication.] - Felix Salmon: More convenience, less privacy
"At heart, however, the two shops are selling much the same product: a way of making online shopping as painless as possible, with payment pushed off until tomorrow. It's a pretty good idea. But what's interesting to me is the way that Affirm founder Max Levchin is touting Affirm's know-your-customer algorithms: the site will identify who you are using Facebook, pull in lots of other data including your zip code and your mobile device ID, and use all of that information to predict how likely you are to pay the bill once you receive it."
[More recognition...] - Ben Adida: Persona plays well with Firefox's third-party cookie policy
"Firefox is experimenting with a new third-party cookie policy." - Nat Sakimura: Explicit Consent - Turning Internet Dog into Pavlov's Dog
"And here comes the "explicit consent requirement" that EU promotes. Oh, no. That's a disaster." - Fahmida Y. Rashid: Google Two-Factor Authentication Bug Allowed Account Hijacking
"Google allows users to turn on two-factor authentication on their Gmail account for stronger security and generate special access tokens for applications that don't support two-step verification. Researchers at Duo Security found a way to abuse those special tokens to completely circumvent the two-factor process, wrote Adam Goodman, principal security engineer at Duo Security." - Bruno Lowagie: Identity
"I volunteered to ask around in my "iText" network in the US and ask people to submit a proposal for a talk. So far, I wasn't very successful. This confirms the huge cultural difference between Anglo-Saxon countries and the rest of the world regarding eIDs (and identity cards in general) I noticed whilst writing my white paper on digital signatures." - Martin Kuppinger: Do we need to kill IAM to save it?
"When I read the newsletter of Radiant Logic - which take a fairly different view than Ian Glazer - and listened to the webinar, I started looking for some of the stuff my colleagues and me have written about this." - Martin Kuppinger: This Week in Security
"OK, in fact this is about the last few weeks in security this time - but in future it will be most time about looking back at the previous week." - ForgeRock VP of Community Elected President of 2013 Kantara Initiative's Board of Trustees
"Allan Foster accepts position to further identity community's mission for secure, identity-based, online interactions" - Dave Kearns: Pervasive and ubiquitous identity
"I read a lot. Mostly about identity, security, the cloud and other tech topics, but because I'm a writer I'm also interested in the tools of the trade. That's why, every week without fail, I read the World Wide Words newsletter. Through it, I find out about words such as this past week's "nidicolous" ("If your offspring are proving recalcitrant or obstreperous you may like to hurl the epithet nidicolous at them. It will be accurate and tantalizingly unclear; it might even provoke them to crack open a dictionary to discover whether you're insulting them.") No, I won't tell you. Go to the web site. The reason I bring up World Wide Words here, though, is that this past week it intersected with what we're talking about at KuppingerCole: The Internet of Things."
Technology
- Phil Hunt: Standards Corner: Tokens. Can You Bear It?
"This week's post is all about tokens. What are the different types of tokens that may be used in RESTful services? How are they the same/different from browser cookies? What are access tokens, artifacts, bearer tokens, and MAC tokens? " - Windows Azure Active Directory Cartoon
"Windows Azure Active Directory is described in cartoon format in this video. It's an easy to follow sketch of all the major pieces and how you can use it. It also describes the differences between Windows Azure Active Directory and Windows Server Active Directory."
[Events has moved to the bottom of the entry.]
Cloud Computing
Mobile
- Google Group: Paul Madsen: Native Authorization Agent
"The rise in popularity of mobile native applications amongst consumer and in the enterprise & cloud demands some sort of Single SignOn (SSO) experience for users of such applications. This group is defining a technical architecture to enable Native Application SSO. The architecture introduces a Native Authorization Agent (AZA) onto the mobile device. An AZA is a software application that, once installed onto a mobile device, assists other applications on that device in obtaining the security tokens required to authenticate to those applications corresponding APIs. Because it is only the AZA that is explicitly authenticated/authorized by the end-user, with other applications able to leverage this authentication, the model can enable a SSO experience for users of native mobile applications. The architecture is based around a profile of the OpenID Connect protocol for the interactions between the AZA and the various other actors involved."
Valuable Identity
Events
- SX GoLab Identity Biergarten
"Gluu
Saturday, March 9, 2013 from 5:00 PM to 8:30 PM (PST), Austin, Texas
Insiders know that some of the most exciting and important events that take place in Austin, Texas during this time of year are the ones that take place on the fringe of the marquee interactive festival that is happening in the middle of downtown Austin March 8 - 12. South by GoLab is THE event for technology-focused companies and the businesses that serve them. Think of South by GoLab as the off-Broadway show that generates as much or more excitement than the Broadway show." - Cloud Identity Meetup
"Gluu, Monday, March 11, 2013 from 12:30 PM to 1:30 PM (PDT), Austin, Texas
Join Gluu CEO & Founder Mike Schwartz for an official SXSW meetup and discussion on current Internet standards for identity from the IETF and other relevant organizations, including OAuth2 and OpenID Connect." - 5th Federated identity management for research communities (FIM4R) Meeting
"Villigen (Switzerland), 20-21 March 2013
This workshop in the fifth in a series that started in summer 2011 to investigate Federated Identity Management for Research (FIM4R) collaborations." - First eID-Network Conference
"Brussels, 20 March 2013
The first eID-Network Conference will be held on March 20th 2013 in the Egmont Palace in Brussels, in close cooperation with the annual EPCA Payment Summit. The eID network conference focuses on eID in relation to online services toward persons, businesses and governments. We believe eID and related concepts are crucial for advancing e-business transactions, therefore we refer to this as 'transactional eID'." - IDESG Online Meeting
"Fri, Mar 22, 2013 2:00 PM - 5:00 PM EDT" - Dan Whaley: I Annotate: A Workshop
"After two decades of progress in infrastructure and web technologies, we believe the time is finally at hand to realize the widespread annotation of human knowledge. On a recent call a suggestion was made to bring together people building annotation solutions with those that ultimately will use them. The obvious sensibility of that idea led a number of us to approach the Andrew W. Mellon Foundation for funding for a workshop, which they approved several weeks ago. We're calling it I Annotate, and it will be April 10-12, here in San Francisco, at the Fort Mason Center." - Internet Identity Workshop XVI #16 - 2013A
"Phil Windley, Kaliya Hamlin, & Doc Searls
Tuesday, May 7, 2013 at 8:00 AM - Thursday, May 9, 2013 at 4:00 PM (PDT)
Mountain View, CA
Super Early Bird Ticket Feb 18, 2013" - European Identity & Cloud Conference 2013
"May 14 - 17, 2013 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany," - Call For Papers - Open Identity Summit 2013
"September 10th - 11th 2013, Kloster Banz, Germany
Deadline for electronic submissions: May 15th, 2013
The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing." - eID & ePass 5th edition
"National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin."
Â