Phil Hunt: Standards Corner: Basic Auth MUST Die! Basic Authentication (part of RFC2617) was developed along with HTTP1.1 (RFC2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header.
Anil John: Context and Identity Resolution If identity is defined as a set of attributes that uniquely describe an individual, identity resolution is the confirmation that an identity has been resolved to a unique individual within a particular context. In a federation environment, identity resolution is a means to an end; namely user enrollment. This blog post looks at identity resolution in two separate contexts, at the identity proofing component and at the RP.
Paul Madsen: Warning! Explicit (Authentication) Content Today's authentication mechanisms are explicit and discontinuous - on some schedule (depending on the resource being accessed) we demand users stop what they are doing (e.g. doing work for us or buying stuff from us) and login - a distinct and unappreciated operation.
Toward 1 million APIs (video) API Growth is accelerating - with many organizations launching and using APIs. However, we're still in the 10,000's or low 100,000's of APIs range and many are not publicly accessible. What happens when we reach millions of APIs and indeed - how do we get there. A panel at the API Strategy & Practice Conference in Amsterdam talks about future API challenges. Hosted by Steven Willmot the CEO at 3scale.
Kim Zetter: The Feds Cut a Deal With In-Flight Wi-Fi Providers, and Privacy Groups Are Worried According to a letter Gogo, the in-flight Wi-Fi provider, submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users.
Info Sec UK April 29-May 1; London More than 13,000 attendees to Europe's largest free-to-attend conference. Identity management, mobile, managed services and more.
IIW May 6-8; Mountain View, Calif. The Internet Identity Workshop, better known as IIW, is an un-conference that happens at the Computer History Museum in the heart of Silicon Valley.
Glue Conference 2014 May 21-22; Broomfield, Colo. Cloud, DevOps, Mobile, APIs, Big Data -- all of the converging, important trends in technology today share one thing in common: developers.
European Identity & Cloud Conference 2014 May 13-16; Munich, Germany The place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the Future of secure, privacy-aware agile, business- and innovation driven IT.
Gartner Catalyst - UK June 17-18; London A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes.
Cloud Identity Summit 2014 July 19-22; Monterey, Calif. The modern identity revolution is upon us. CIS converges the brightest minds across the identity and security industry on redefining identity management in an era of cloud, virtualization and mobile devices.
Gartner Catalyst - USA Aug. 11-14; San Diego, CA A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes.