Binary Blogger: Personal Use Password Dos and Don'ts - Protect Yourself Time and time again I see horrific and scary account practices by users that are just begging to be exploited to the extreme and cause years of identity theft and financial loss potential. I wanted to write a post to help people understand the threats and risks that they are undertaking by some of the common practices as well as give tips that will help mitigate these risks yet not cause a password management nightmare for the user.
Lots more follows from the news of identity:
Azure Active Directory: What is the Graph API? In Azure Active Directory (AAD) there is a Graph API. This is the main API to access AAD. The idea of a Graph API is not entirely new. The one provided by Facebook is already well established. But what is this really about and why does AAD provide such an API?
Oracle OpenWorld '13 Part 1 - Midway Report Whilst the majority of the IT press is focusing on the big announcements being made here at Oracle OpenWorld, such as in-memory storage and the extended collaboration between Oracle, EMC and Microsoft, I would like to focus a bit more on the Identity & Access Management news. There are several new innovations from Oracle which have not got the same attention as the keynotes, even though many of them are, in my opinion, game-changing and could have a significant impact on the business world. In this post, I will cover them briefly, and in the following weeks I will be going into more details for some of them.
Tim Bray: FC8: On Trust All these technology and information-flow and money issues in the Federation Conversation are real, they matter. But none of them matter as much as trust. For flavor, here's commenter Dewald Reynecke: "I don't trust Facebook/Google as far as I can throw them -- I simply do not want to outsource my identity to an advertising company."
Mark Dixon: Privacy and Security by Design: Foundational Principles To prepare for my first meeting with Ann Cavoukian earlier this year, I drafted a brief table which proposed a set of principles for Security by Design that aligned with the well-known foundational principles for Privacy by Design. It seemed to me that this would provide a starting point for exploring how security both supported and benefited from Privacy by Design principles. I published that draft table on my blog back in March of this year.
InCommon Seeks Representatives for Assurance Advisory Committee InCommon announces an open call for nominees for one audit, one identity provider and one service provider representative to Assurance Advisory Committee, the group responsible for overseeing Bronze and Silver Profile certification and program development.
Mike Jones: WebFinger is now RFC 7033! I'm pleased to announce that the WebFinger specification has now been published as an RFC - RFC 7033. WebFinger enables discovery of information about a user or resource at a host using an HTTP query to a well-known https endpoint, with the discovered information being returned in a simple JSON structure. For instance, OpenID Connect uses WebFinger to discover the location of a user's OpenID Connect server.
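The lookup Mike Jones describes, shown as an added example rather than code from his post or from RFC 7033: the client turns an acct: or https resource URI into a query against the host's /.well-known/webfinger endpoint, parses the JSON Resource Descriptor (JRD) that comes back, and pulls out the link whose rel is the OpenID Connect issuer relation. The hosts, users and JRD bodies are constructed for this example, and the fetch function is injected so the code runs offline; the subject/alias check is this example's own conservative policy (RFC 7033 only says the subject SHOULD match the queried resource).

```python
"""WebFinger (RFC 7033) lookup of a user's OpenID Connect issuer.

Added example: the hosts, users and JRD bodies below are constructed for
illustration and do not describe any real deployment.
"""
import json
from urllib.parse import urlencode, urlsplit

# Link relation that OpenID Connect Discovery 1.0 defines for locating the OP.
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"


def webfinger_url(resource, rels=()):
    """Build the query URL: https://<host>/.well-known/webfinger?resource=...&rel=...

    The host comes from the acct: URI or from the authority of an http(s) URI;
    RFC 7033 requires the request itself to be made over HTTPS.
    """
    if resource.startswith("acct:"):
        if "@" not in resource:
            raise ValueError("acct: URI without a host: %r" % resource)
        host = resource.rsplit("@", 1)[1]
    else:
        parts = urlsplit(resource)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError("unsupported resource URI: %r" % resource)
        host = parts.netloc
    params = [("resource", resource)] + [("rel", r) for r in rels]
    return "https://%s/.well-known/webfinger?%s" % (host, urlencode(params))


def oidc_issuer_from_jrd(body, resource):
    """Extract and validate the OP issuer from a JRD.

    Returns None when the descriptor carries no issuer link. Raises ValueError
    when the descriptor is not about the queried resource, or when the issuer
    is not a well-formed issuer identifier (https scheme, host, optional port
    and path, no query or fragment), which is what OpenID Connect requires.
    """
    jrd = json.loads(body)
    # Stricter than RFC 7033 (subject SHOULD match): accept the descriptor
    # only if it names the queried resource as its subject or as an alias.
    if jrd.get("subject") != resource and resource not in jrd.get("aliases", []):
        raise ValueError("JRD subject %r does not describe %r"
                         % (jrd.get("subject"), resource))
    for link in jrd.get("links", []):
        if link.get("rel") != OIDC_ISSUER_REL:
            continue
        issuer = link.get("href", "")
        parts = urlsplit(issuer)
        if (parts.scheme != "https" or not parts.netloc
                or parts.query or parts.fragment):
            raise ValueError("invalid issuer identifier: %r" % issuer)
        return issuer
    return None


def discover_oidc_issuer(resource, fetch):
    """Full lookup: build the URL, fetch the JRD with fetch(url), validate it.

    fetch is injected so the example runs offline; a real client would do an
    HTTPS GET with certificate validation and Accept: application/jrd+json.
    """
    url = webfinger_url(resource, [OIDC_ISSUER_REL])
    return oidc_issuer_from_jrd(fetch(url), resource)


# Constructed JRD responses keyed by the query URL the fake server expects.
FAKE_RESPONSES = {
    webfinger_url("acct:alice@example.com", [OIDC_ISSUER_REL]): json.dumps({
        "subject": "acct:alice@example.com",
        "aliases": ["https://example.com/alice"],
        "links": [
            {"rel": "http://webfinger.net/rel/profile-page",
             "type": "text/html", "href": "https://example.com/alice"},
            {"rel": OIDC_ISSUER_REL, "href": "https://op.example.com"},
        ],
    }),
    # A descriptor pointing at a plain-http "issuer": must be rejected.
    webfinger_url("acct:mallory@example.net", [OIDC_ISSUER_REL]): json.dumps({
        "subject": "acct:mallory@example.net",
        "links": [{"rel": OIDC_ISSUER_REL, "href": "http://op.example.net"}],
    }),
}


def fake_fetch(url):
    """Stand-in for an HTTPS client; returns the constructed JRD for url."""
    if url not in FAKE_RESPONSES:
        raise LookupError("no fake response for %s" % url)
    return FAKE_RESPONSES[url]


if __name__ == "__main__":
    print(webfinger_url("acct:alice@example.com", [OIDC_ISSUER_REL]))
    print(discover_oidc_issuer("acct:alice@example.com", fake_fetch))
    try:
        discover_oidc_issuer("acct:mallory@example.net", fake_fetch)
    except ValueError as err:
        print("rejected:", err)
```

The issuer returned here is only a pointer: an OpenID Connect client still has to fetch <issuer>/.well-known/openid-configuration and confirm that the "issuer" value in that document is identical to the URL it used, so that a tampered or misconfigured JRD cannot redirect a login to a provider that does not claim that identifier.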
Francois Lascelles, Layer 7: Common OAuth Security Mistakes & Threat Mitigations With our digital lives scattered across so many services, there is great value in technology that lets us control how these service providers interact on our behalf. For providers, making sure this happens in a secure way is critical. Recent hacks associated with improperly secured OAuth implementations show that OAuth-related security risks need to be taken seriously.
A recipe for PII PII, Personally Identifiable Information (also phrased as Personal Identity Information) is at the heart of identity security and privacy. Yet, like almost all terms in the Identity sphere, it suffers from multiple overlapping definitions leading to misunderstandings, heated discussions and a distinct lack of clarity.
Nick Crown, UnboundID: The Summer of Snowden: A Summary of PII 2013 The PII conference is curated by the self-professed techie and policy nerd Natalie Fonseca, who leads a thought-provoking forum attracting privacy technologists, legal buffs, and social activists. This melting pot of various views and positions on privacy-related topics provides an excellent snapshot of the privacy world in the U.S. Aside from the nifty "The Summer of Snowden" meme, here are some highlights from the discussions that are worth the price of digital ink:
Stephen Wilson: Is it Personal Information or not? Embrace the uncertainty. What matters for the present discussion is that the amendments remove the previous condition that identification of the individual be done from the Personal Information itself. So under the new definition, we are required to consider data as PI if there is a reasonable likelihood that it may be identified in the future by any means!
CFPB Data Mining Draws Concern in Congress A CFPB strategic planning document for fiscal years 2013-17 describes the 'markets monitoring' program through which officials aim to monitor 80 percent of all credit card transactions in 2013.
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
InCommon: IAM Online - Security Awareness for User Authentication: Passwords and Beyond Wed., Oct. 9, 2013, 3 pm ET www.incommon.org/iamonline October is National Cyber Security Awareness Month. Among the many possible themes and messages for end users during October is advice and tips on effective password management. This session will provide an overview of campus security awareness efforts designed to improve user authentication experiences.
12th Annual Smart Card Alliance Government Conference Washington, D.C.; Oct.14 - 16, 2013 | 8:30 AM - 5:00 PM The 12th Annual Smart Card Alliance Government Conference will survey opportunities and challenges for government issuers, accreditation and testing authorities, procurement programs, and the industry to meet the government's market demands.
Kantara TIDX Summit at Smart Card Alliance - Oct 14 Kantara Trusted Identity Exchange (TIDX) Summit at Smart Card Alliance on Oct. 14, 2013 Our workshop will provide expert insights about current and emerging ID Solutions and their flow from instantiation to real-world use. We've got an amazing line up and we'd love to hear from you too!
User-Centric ID Live Opportunities for relying parties in NSTIC and the new identity ecosystem. Oct. 15-16, 2013 - Washington Convention Center, Washington, D.C.
eID & ePass 5th edition National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of Oct. @Intercontinental Berlin.
InCommon Advance CAMP: Identity Services Summit Nov. 12-13, 2013 San Jose, CA https://spaces.internet2.edu/display/ACAMP2013/Home Part of the 2013 Identity Week (www.incommon.org/idweek) Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati at Advance CAMP. Explore the state of the art in identity services and discuss the leading edge work that's taking us there. Join us and get involved!
InCommon: CAMP Cloud: Identity and Access in an Era of Outsourced Services Nov. 14-15, 2013 - San Jose, CA Part of the 2013 Identity Week (www.incommon.org/idweek) Are your campus stakeholders looking at cloud-based solutions? Are you experiencing challenges or do you have concerns with outsourcing email, storage, or other essential services? Are you concerned about the management and maintenance of an accurate, accountable identity inventory? Come and learn about solutions being discussed and implemented across higher education.
KuppingerCole Information Risk & Security Summit 2014 Nov. 27-28, 2013, Frankfurt, Germany The Information Risk & Security Summit Frankfurt 2014 offers an unseen combination of thought leadership and interactive session formats, tackling the most demanding questions IT professionals are confronted with: how to support the extended and connected enterprise with brilliant services without taking too many big risks.