Read on to get all the identity news from last week:
Brian Krebs: Facebook Warns Users After Adobe Breach Facebook is mining data leaked from the recent breach at Adobe in an effort to help its users better secure their accounts. Facebook users who used the same email and password combinations at both Facebook and Adobe's site are being asked to change their password and to answer some additional security questions.
Anil John: Balancing Identity Assurance and User Enrollment UX Public sector services typically prioritize policy compliance (security, assurance, privacy etc.) over user experience (UX) when it comes to service delivery. Contrast this with private sector services where the desire to capture the consumer and not have them go to a competitor drives the decision to make the UX friction-free a higher priority. Effective public sector service delivery requires a balance between these two extremes but expertise and experience in this domain is either lacking or hard to come by.
Tim Bray: IETF 88 I attended to pitch in on JSON and OAuth work because it was here in Vancouver. But this meeting was really about defending the Internet from those attacking it. Which is worth everyone's attention and deserves more explanation than I've seen in the mainstream media.
Joni Brennan: Consumers and Things over employees IdentityNorth gathers Canadians that are interested in creating and sustaining a conversation about Digital Identity and Authentication. It acts as a platform where organizations and individuals interested in digital space, interoperating projects, standards and related technology can share their insights and ideas from around the world. (identitynorth.ca)
Gunnar Peterson: Boring is Good I went to the Cloud Identity Summit in Napa this year. Just like every year there were great talks that showed new ways to solve old problems. One of my favorites was from Amazon on their cloud identity and security work. It was an incredibly boring talk actually. Watching Amazon's IAM progress can be like watching grass grow.
OpenID Trademark and Service Mark License The OIDF board recently voted to adopt an OpenID Trademark and Service Mark License policy. The following are some of the guidelines regarding acceptable uses of OIDF trademarks outlined in the license.
Capital One Gets Bullish with Pattern Password Ad Adventurer Jonathan Watson takes that chore to a new extreme in a Capital One spot promoting SureSwipe, a mobile-banking feature that allows customers to log into their accounts by tracing a pattern on the screens of their smartphones.
Paul Madsen: Client authentication in MQTT Separate from the interoperability challenge presented by so many different client authentication mechanisms, there is (to my mind) a more fundamental issue with MQTT's client authentication model.
Kashmir Hill, Forbes: Your Phone Number Is Going To Get A Reputation Score Now Telesign wants to leverage the data -- and billions of phone numbers -- it deals with daily to provide a new service: a PhoneID Score, a reputation-based score for every number in the world that looks at the metadata Telesign has on those numbers to weed out the burner phones from the high-quality ones. Yes, there's yet another company out there with an inscrutable system making decisions about you that will affect the kinds of services you're offered.
Craig Burton: Identity and the API Economy In retrospect, there was something curious missing from all of the presentations and conversations at the conference -- the lack of discussion about the role of identity access management and APIs. It is clear that the API community doesn't get that API ubiquity is an identity problem as much as it is an API design and maintenance problem.
Robert Stroud: Internet of Things: Are you ready? This is just the beginning. The "Internet of Things" (IoT) era has begun where everything has an IP address and can be connected. In this highly connected world, issues associated with governance and management will be critical along with privacy and how the vast volumes of information are to be used. Recently, I participated in a study with ISACA as part of their annual Risk/Reward barometer.
Ian Glazer: Big P Privacy in the Era of Small Things Recently, I was asked to give a talk about privacy challenges of the Internet of Things. A couple of years ago, I did some research on data labeling techniques that I realized were directly applicable to these privacy challenges. Subscribers can check out the research here and you can read a little more about the goal of the research on this blog. Enjoy the video and I'd love your feedback!
Phil Windley: Fuse Funds! Thank You and Next Steps The Fuse Kickstarter campaign has ended and we exceeded our goal of $60,000 by over $19,000 for a total of $79,024. More importantly, there were 386 backers of the project. I'm grateful to everyone who supported this and humbled by the messages of encouragement, backed by hard currency, that I received from family members and friends. Thank you all!
John Fontana: Amazon answers enterprise call, adds SAML to AWS With a tip of the hat toward existing enterprise identity management deployments, Amazon.com announced it would finally support a standard federation protocol that will enable single sign-on to the AWS management console and application interfaces.
Binary Blogger: Google Forcing YouTube Comments To Use Google+ Is Not About Anything But Money No matter how much you think Google is paving the way for removing anonymity from the Internet, the core functional foundation of the Internet is anonymity, handles, and personas, Google doesn't care. Even when you look at their participation and information delivery to government agencies at a drop of a hat, this move to Google+ for comments is not about making that easier either.
Dave Birch: Why all the fuss about HCE? First things first. Why is everyone in our cozy corner of the transactions treehouse asking about Host-Based Card Emulation, HCE, all of a sudden? HCE is quite simple: it means using the NFC interface on a device (a PC, a mobile phone, a car, whatever) to allow the device to be a contactless card so that you can make a payment (or present a ticket, show an ID card or a million other things). If you want to make your phone be, for example, your Barclays debit card then you have to overcome two problems: first of all, the phone has to store some security information and secondly the phone has to be able to send this information through NFC. Until recently, both of these things were difficult.
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
KuppingerCole Information Risk & Security Summit 2014 Nov. 27-28, 2013, Frankfurt, Germany The Information Risk & Security Summit at the Frankfurter Innovationszentrum FIZ Conference Lab, offers an unseen combination of thought leadership and interactive session formats, tackling the most demanding questions IT professionals are confronted with: How to support the extended & connected enterprise with brilliant services without taking too many big risks.
ThingMonk Dec. 3, Shoreditch Works Village Hall, London The event will bridge Web Startup Internet of Things communities with their peers in the Industrial Internet/Machine to Machine space. We will bring elite developers and practitioners together, fostering cross-sector collaboration.
Cloud Security Alliance Congress Dec. 4-5, The Rosen Centre Hotel, Orlando, FL. The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security.