InCommon: The Rise of OpenID Connect Where is all this going? Honestly, I don't know, but instead of sitting around and scratching our heads, we've started to leverage social identity and experiment with OpenID Connect. This addresses two of three major limitations of the federated identity approach (i.e., coverage and attribute release), and at the same time permits us to hedge our bets on the future of SAML as a federation protocol.
pwcrypt: On-the-fly password encryption Adventures with lightweight and minimalist software for Linux. I like finding applications that are 10 or 15 years old, and discovering that they still work fine in spite of their age. To the best of my knowledge, pwcrypt works just as well now as it did way back in 2000, when it was released into the wild.
Farm Journal: The ABCs of API The agriculture industry is deploying more API in precision products to produce equally seamless experiences. For example, Growmark recently paired up with John Deere, using a wireless data transfer API so it can exchange data more quickly.
Evan Schuman: Wal-Mart is latest big company with mobile-app security problems The evidence keeps mounting that companies that put out mobile apps are not paying nearly enough attention to security. Even big companies with large and experienced IT staffs are guilty. In fact, the latest evidence suggests that the iOS mobile app of the largest company in the U.S., by revenue, Wal-Mart, exposes users' passwords, account names and email addresses, as well as many geolocation details.
Comment period open on NIST draft "Mobile, PIV, and Authentication" The purpose of this document is to analyze various current and near-term options for remote electronic authentication from mobile devices that leverage both the investment in the PIV infrastructure and the unique security capabilities of mobile devices, such as smart phones and tablets. Comments close April 21.
Joni Brennan: Identity, Personal Data and Access Management A recent report from Deloitte indicates that 60 percent of customers who interact with brands do so through multiple channels, meaning that customers are giving their information through social media, websites and in stores - a trifecta of security concerns. Although this information is used to enhance business practices and customer service, caution must be taken. Business must take the leading role to meaningfully inform their patrons about the types of data they are requesting, how it will be used, and how long it will be held.
Interop Las Vegas; March 31-Apr. 4 Independent technology conference and expo series designed to inspire and inform the world's IT community.
Cloud Security Alliance, SecureCloud 2014 April 1-2; Amsterdam. An opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. Focus is on legal issues, cryptography, incident reporting, critical information infrastructures and certification and compliance.
Philadelphia Secure World Valley Forge, Pa.; Apr. 8-9 One of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level.
ID360: The Global Forum on Identity Apr. 9-10, Austin, Texas The ID360 theme is "Identity: Cradle to Grave," exploring how identity changes as a function of age for people, businesses and devices.
IIW May 6-8, Mountain View, Calif. The Internet Identity Workshop, better known as IIW, is an un-conference that happens at the Computer History Museum in the heart of Silicon Valley.
European Identity & Cloud Conference 2014 May 13-16, 2014; Munich, Germany The place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the Future of secure, privacy-aware agile, business- and innovation driven IT.
Cloud Identity Summit 2014 July 19-22, Monterey, Calif. The modern identity revolution is upon us. CIS converges the brightest minds across the identity and security industry on redefining identity management in an era of cloud, virtualization and mobile devices.