Google announces that it plans to offer hardware token-based two-factor authentication. They plan to fit this into their FIDO framework. Woof! Woof! Down with passwords!
Amadou Diallo: Google Wants To Make Your Passwords Obsolete If Google has its way, however, the very notion of typing in a password may soon be obsolete. In 2014, the Internet giant plans to release an ultra-secure and easy to use identity verification platform that eliminates the need for long, user-generated passwords. Dubbed U2F (Universal 2nd Factor), the consumer-facing side of this initiative will be a USB dongle called the YubiKey Neo.
Dave Kearns: Dogged Determination There are now more than 50 members of the alliance, and someone mentioned that Google was an early joiner - not a founding member, but getting on board soon after. The question was why Google would do this and what that portended for FIDO's future.
I was on vacation for a week so there is lots to read:
Sean Deuby: The Year In Identity, 2013 Edition It's December, and that makes it a good time to look back on 2013 to summarize some of the year's high and low points in the identity field. I've also included some remarks from an interview with Ping Identity's CEO Andre Durand on the state of identity today, and where it's going.
Rainer Hörbe: Snapshot: SAML IOP Past, Present, and Future Our guest blogger today is Kantara Member Rainer Hörbe. Rainer has been a contributor, architect and standards editor for the Austrian eGovernment federation. In the European cross-border eHealth federation project epSOS he served as security policy adviser. As a Member of Kantara Initiative, OASIS, and ISO SC27 he is engaged in developing models and standards in federated identity management.
Mike Schwartz: Postcard from IdentityNext 2013 IdentityNext is a unique conference that pulls aspects from several of the identity events I've attended over the years. As only a handful of Americans attend, it reminded me of Kuppinger's EIC (European Identity Conference). It was the second conference I attended this year that had an "un-conference" portion, inspired by IIW (Internet Identity Workshop). [ID Next 2013 Keynote Slides by Mike Schwartz]
Brian Krebs: An Anti-Fraud Service for Fraudsters The trouble with these services is that they can get pricey in a hurry, and they're often sold by the very companies that spammers are trying to outsmart. Enter services like fraudcheck[dot]cc: This service, run by an established spammer on a semi-private cybercrime forum, performs a multitude of checks on each transaction, apparently drawing on accounts from different, legitimate anti-fraud services.
Anil Saldhana: SAML vs OAuth: Which One Should I Use? One of the primary questions I get asked is - "What is the difference between SAML and OAuth?". I hope I can use this article to provide my thoughts on this important topic. I will also try to point out various use cases where each one is preferred.
Matt Flynn: Is MAM Identity and Access Management's next big thing? Mobile Application Management is making waves. Recent news from Oracle, IBM, and Salesforce highlights the market interest. It's a natural extension of what you've been hearing at Identity trade shows over the past few years (and this year's Gartner IAM Summit was no exception). The third platform of computing is not a future state. It's here. And Identity and Access solutions are adapting to accommodate the new use case scenarios. ...onward and upward.
Gunnar Peterson: Avoiding the Mobile Blindside Mobile takes the security blindside to a whole new level. Mobile projects are often sponsored outside of IT, say by marketing. They are often developed outside IT by new, mobile specialist teams unaware of standard dev practices. And compounding the problem, Mobile dev cycles are very short, an iOS or Android app can go from cocktail napkin to "done" in the time a traditional enterprise app spends writing requirements.
Holger Reinhardt: Ending the IoT Protocol Wars Here is what I have learned regarding IoT protocols: It's a zoo out there, with lots of protocols trying to become the next HTTP. And some candidates deploy a formidable array of marketing, making it exceedingly hard to cut through the fog.
Brenda Jin, Tim Anglade, Olaf de Senerpont: Building for Google Glass: What You Need to Know (webcast, podcast) In this recent webcast, Brenda Jin, a user interface developer at Macys.com, and Apigee's Tim Anglade discuss exactly what building for Glass means in practice. They'll cover API and apps techniques you can reuse and what you must be prepared to do differently. They will also walk through a step-by-step demo of building an app for Google Glass with HTML5, and discuss what other businesses are doing to prepare for the new world of wearable computing.
Nordic APIs at Internetdagarna We had another Nordic APIs event this week, at Internetdagarna in Stockholm. Twobo and Dopter held the Nordic APIs track with the subject "APIs for Business". With that we thought it was a good idea to focus on the business aspect of APIs. Why should companies embrace this trend and how should they do it from an organizational perspective.
AWS re:Invent 2013: highlights and analysis AWS re:Invent 2013 was bigger and better than last year's event. Amazon's second annual cloud computing trade show saw over 8,000 attendees, 200 sessions, and 400 speakers: easily the largest cloud event in the industry to date.
Anil John: Are Federated Credentials and Continuous Identity Verification Compatible? In a recent blog post, Does KBA and Public Sector Online Services Have a Future?, I raised as an issue the inadequacy of KBA for remote identity proofing given the public, and potentially compromised, data sets that are currently used for this purpose. I believe that it is critical for citizen-facing public sector services to incorporate continuous identity vetting/verification/proofing as a compensating control. But can that be effectively done when the service is utilizing federated credentials?
Naresh Persaud: Securing The Citizen Experience Governments have often been the slowest to adopt new technologies - not any more. This video from the UK government's digital services strategy shares a vision for citizen services that will inspire. This phenomenon is not isolated to the United Kingdom. Across the world, citizens are paying more in taxes and demanding better services. All of this is changing the way governments are thinking about security. The new experience is cross channel: mobile, social and online. If we are lucky we may never have to go back to the department of motor vehicles again.
Heathervescent: Announcing 2013 Bitcoin Survey Announcing my 2013 Bitcoin Survey. Your participation helps me build on past research and will be used in the Future of Money Television Series as well as shared with participants. Please consider taking and sharing the survey. You can take it via the embedded box below or go directly to it via this link.
Check out my future of transactions scenario videos
See my TedxZwolle talk (May 2013)
Dig deep into the Future of Transactions Archives
Android KitKat Creates a New Mobile Playing Field, Who Will Join the Game? Isis? PayPal? MCX? In the new KitKat host card emulation mode, the transaction initiated at the POS will be relayed by the service manager to the KitKat OS for servicing. This approach enables a range of services, including cloud authorization and payment services. So for example, a merchant with a closed-loop gift card product could now enable that gift card to be presented at the POS using NFC. It would seem apparent that Google Wallet will soon adopt this approach to enabling NFC and given an open platform, so the two big questions are these:
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
Kantara Initiative: 2014 Events on the Horizon As we move to close 2013 we're already excited by all of the opportunities for 2014. Planning is underway on some exciting initiatives and great events for 2014! A taste of the details is below.
NSTIC Pilots in Motion - Jan 30: This is a special event produced by Kantara and hosted at the Department of Commerce in Washington DC. The event is an industry day that will feature NSTIC pilots where Kantara is playing a role. Event space is limited and we'll have more details on how you can attend soon. If you're interested to join us please send an inquiry to email@example.com.
HIMSS - Feb 23-27: We're planning an amazing workshop for HIMSS 2014. This is the second year in a row Kantara will be hosting a workshop at HIMSS. This conference goes big and we love the theme: Innovation, Impact, Outcomes, Onward!
RSA - Feb 24-28: RSA is always an amazing event. We have Kantara Members appearing on conference agenda topics and we're very happy to bring the next installment of "Non-Profits on the Loose".
EIC - May 12-16: The European Identity and Cloud Conference is an event we look forward to every year. We'll be hosting another workshop at EIC in 2014. We'll be presenting around IRM, UMA, Profiling of OpenID Connect & OAuth, and much more.