I seem to always be nodding my head, "Yes!", when I read Gunnar Petersen. With our headlong rush to API-enable every device on the planet (see the API section below), Gunnar and Mark O'Neill's list is a candidate for an OWASP page:
Stephen Wilson: Opinion: Why NFC trumps biometrics. It's been suggested that with Apple's introduction of biometric technology, the "i" in iPhone now stands for "identity". Maybe "i" is for "ironic" because there is another long-awaited feature that would have had much more impact on the device's identity credentials.
Brian Krebs: Adobe Breach Impacted At Least 38 Million Users. The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says. It also appears that the already massive source code leak at Adobe is broadening to include the company's Photoshop family of graphical design products.
Oracle: OpenWorld 2013 Presentation Links. We have had a lot of requests for OpenWorld 2013 presentations that were delivered by the IDM team this year in San Francisco. To make things easier, I have uploaded all of the presentations to SlideShare. Here is a list of available presentations:
Craig Burton: The Age of Context and the API Economy. Veteran writers and pundits Shel Israel and Robert Scoble recently had their new book, "The Age of Context" published. The thesis of the book is solid. I think the book is spot on and relevant to what is really happening. At the same time, it misses a critical ingredient to their predicted perfect storm. Indeed without it, I predict, the Age of Context will never come into existence.
Tim Bray: FC9: Social Sign-in. This term gets bandied about quite a bit in the Federation Conversation. When it comes up, developers tend to strong emotional reactions: On the one hand "We really need social sign-in to make our service work" and on the other "Ewww, no way; I don't want our users worried about what's being shared." I've been digging around the subject; sometimes I think there's no there there.
Stephen Wilson: A serious advance in mobile device authentication. IBM Zurich researcher Diego Ortiz-Yepes recently revealed a new Two Factor Authentication technique in which the bona fides of a user of a mobile app are demonstrated via a contactless smartcard waved over the mobile device. The technique leverages NFC -- but as a communications medium, not as a payments protocol. The method appears to be compatible with a variety of smartcards, capable of carrying a key specific to the user and performing some simple cryptographic operations. This is actually really big.
Paul Kobos, Gemalto: A mobile hotspot that's fit for the road. The promise of a fully "connected car" in the near future is an exciting prospect for drivers, passengers, mobile operators and manufacturers alike. Reliable web access on the move could help power real-time traffic advice, allow passengers to enjoy their journey and enable MNOs to deliver relevant, targeted services to motorists.
Phil Windley, Kynetx: Fuse and Open APIs. I've been asked several times if the Fuse connected-car application will have an open API. The short answer is "yes". And we're planning to make that API available from the first day it's available.
Sam Macklin, Layer 7: 5 Horrors of API Mismanagement. At Layer 7, we decided to have a bit of fun with Halloween this year. In the spirit of all things spooky and scary, we created a little online game called 5 Horrors of API Mismanagement. It's pretty simple: you just explore our haunted house to discover five deadly pitfalls that today's API programs run into with terrifying regularity.
Kumar Srivastava, Apigee: Anatomy of a Retail API Program. API programs have become commonplace at nearly all big retailers who offer multi-channel experiences to their customers through mobile apps, in-store kiosks, the Web, and personalized in-store services. Analyzing the anatomy of a typical retail API program uncovers some interesting patterns. The data here was gathered by analyzing several retail API programs that use the Apigee platform.
Fintan Ryan, Thingmonk: The Identity of Things - Every Thing is Unique. Things, like people, have identities. Even some Lego sets now have unique identifiers on every piece. One of the most interesting aspects of the current disruption in identity management, driven by cloud and SaaS adoption, is the question of identity management at vast scale - when we get beyond authenticating people, and into authenticating devices.
Patrick Harding: Vanishing IT Security Boundaries Reappearing Disguised As Identity. It's not an illusion: The security boundaries we used to depend on are now little more than vapor. The migration of applications to the cloud, mobility and businesses granting nonemployees access to sensitive resources are trends challenging CIOs everywhere - at a time when IT is expected to "do more with less" and deliver added value while staff sizes shrink and the number of users and applications explodes. What's the trick for dealing with this transformation? Standards. More precisely, a set of modern identity management protocols aligned with fresh Web-based development methods and a dash of seniority from a de facto standard many enterprises use today for single sign-on.
Gigya: The Landscape of Social Login: The Identity War Heats Up. In the below infographic, we've taken a look at data from Q3 2013 (July - September) to discover how consumers use Social Login in different industry verticals and geographical locations and on their mobile devices. In general, we found that Google/Google+ continues to make strong gains as an identity provider, increasing its share of logins by 2% overall on web properties in a number of industry verticals.
Mydex: What's Best for Your Council: Big Data or Small? Open or Personal? As we know, Councils aren't immune to change. The next 'big' thing for them is 'big data'. Whilst open data now is politically accepted and widely understood amongst councils, the power of big data (the large volume, variety, velocity of consumer data sets and technologies) is just dawning on everyone. But just how seriously should Chief Executives take it?
Identity Woman: Interesting events in 2013. This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
InCommon Advance CAMP: Identity Services Summit Nov. 12-13, 2013 San Jose, CA. https://spaces.internet2.edu/display/ACAMP2013/Home Part of the 2013 Identity Week (www.incommon.org/idweek) Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati. Explore the state of the art in identity services and discuss the leading edge work that's taking us there. Join us and get involved!
InCommon: CAMP Cloud: Identity and Access in an Era of Outsourced Services Nov. 14-15, 2013 - San Jose, CA. Part of the 2013 Identity Week (www.incommon.org/idweek) Are your campus stakeholders looking at cloud-based solutions? Are you experiencing challenges or do you have concerns with outsourcing email, storage, or other essential services? Are you concerned about the management and maintenance of an accurate, accountable identity inventory?
Gartner Identity & Access Management Summit 18 - 20 Nov. 2013 | Los Angeles, CA. Gartner Identity & Access Management Summit 2013 shows you how to develop your IAM strategy while advising on tactical IAM issues, challenges by BYOD or SaaS adoption, integration of social platforms, and more.
KuppingerCole Information Risk & Security Summit 2014 Nov. 27-28, 2013, Frankfurt, Germany The Information Risk & Security Summit at the Frankfurter Innovationszentrum FIZ Conference Lab, offers an unseen combination of thought leadership and interactive session formats, tackling the most demanding questions IT professionals are confronted with: How to support the extended & connected enterprise with brilliant services without taking too many big risks.
ThingMonk Dec 3, 2013; Shoreditch Works Village Hall, London. The event will bridge Web Startup Internet of Things communities with their peers in the Industrial Internet/Machine to Machine space. We will bring elite developers and practitioners together, fostering cross-sector collaboration.
Cloud Security Alliance Congress Dec. 4-5, The Rosen Centre Hotel, Orlando, FL The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security.