There were a number of other items of interest to the identity community (especially the Death of XACML):
Andras Cser: XACML IS DEAD Conversations with vendors and IT end users at Forrester's Security lead us to predict that XACML (the lingua franca for centralized entitlement management and authorization policy evaluation and enforcement) is largely dead or will be transformed into access control (see Quest APS, a legacy entitlement management platform based on BiTKOO, which will probably be morphed by Dell into a web SSO platform).
Gerry Gebel: XACML: Alive and Well The latest hyperbolic headline from our friends in the analyst community is brought to you by Andras Cser of Forrester, who proclaims that XACML is dead. Naturally, we at Axiomatics disagree since we have invested many years of effort at OASIS to develop and support the standard. The timing of this post is also interesting in that XACML version 3.0 was just formally ratified earlier this year and the Technical Committee is actively working on new profiles to support a REST interface as well as JSON encoding of the request/response formats - two features that will significantly expand the appeal to a wider developer audience. Let's walk through this and address some of the statements that Andras makes:
Ray Sinnema: Is XACML Dead? Before I take a critical look at the reasons underlying this claim, let me disclose that I'm a member of the OASIS committee that defines the XACML specification. So I may be a little biased.
Danny Thorpe: XACML is Dead? Long Live XACML! Disclosure: I am the architect of the XACML 3.0 PDP authorization engine at the heart of the Dell/Quest Authorization Policy Server product, and I am a member of the OASIS XACML technical committee. I am a Dell employee, but the opinions stated here are my own, not my employer's.
Neil Chapman: I AM not dead, "just resting" A newcomer to the Identity space might be forgiven for thinking we're, by turns, a morbid and bloodthirsty lot. Forrester predicted the imminent death of XACML yesterday, whilst Gartner's Ian Glazer (@iglazer) has, of late, been going a step further in calling for the pre-meditated murder of IAM. Is the Identity technology landscape really as bleak and/or bloody as the analyst soundbites suggest?
When three As are better than four In many instances authorization is binary and tied directly to authentication - if a person is authenticated, then they get access to a resource. The authorization is tied only to the authenticated entity. Consider building security, for example - swipe your proximity card and you're allowed in. Or, in rather more ancient practice, unlock the door with your key and get access. In the former case, the use of the proximity card (the "token") is probably recorded someplace, so there is at least a rudimentary audit trail. When the key is the "token," then there is no trail.
Jim Reno: The Two-Step Tradeoff I explored the information on Apple's web site, particularly the FAQs, relating to two-step verification. I also tried adding it to an Apple ID myself to get a feel for the user experience. It's interesting to me because it highlights some of the difficulties in implementing multifactor authentication, especially given a user community (like consumers) with widely varying technical skills.
Dave Birch: What's your e-mail address? Don't tell him firstname.lastname@example.org! This does, at least, open up the possibility of some continued employment for me as I fight to stave off the cat food years in amongst the embers of post-employment Europe. But hold on. Just how bad is the cybersecurity situation? We are all used to reading statistics about the size of the problem (I seem to recall that Detica estimated it to be £27 billion in the UK) but let's go and find out what the top people think about it. I imagine the head of the US National Security Agency would know.
PayPal Says It's Time to Ditch Passwords and PINs "We have a tombstone here for passwords," Barrett told the audience, pointing to a slide with a tombstone for passwords with the years 1961 to 2013 etched on it. "Passwords, when used ubiquitously everywhere at Internet scale are starting to fail us," he added.
Dave Kearns: Holy Grail for the Cloud Back in August ("Open Source IAM - is it right for you?") I wrote about my friend Brad Tumy's Open Source Identity Solutions list and spent a paragraph or two on ForgeRock OpenAM, which, I told myself, I'd try to get back to with more information for you. So recently I chatted with ForgeRock's John Barco (director of product marketing) and Jamie Nelson (Vice President of Engineering), both of whom I'd first met when they were at Sun Microsystems. John & Jamie filled me in on what's happening with ForgeRock, and I'd like to pass that information along to you. First, though, I want to talk about a surprise I had recently.
Phil Windley: Introducing Forever and Personal Cloud Application Architectures Forever is an evergreen address book that uses personal clouds based on the Kynetx CloudOS. The profile data in the personal cloud provides the contact information. The connections between clouds provide the friend relationships that Forever displays. The following diagram shows how Forever uses personal clouds:
Mark Dixon: SquareTag Project Report About two months ago, I started a small project to see how SquareTags would work on virtual objects like web pages. Subsequent posts are here, here, here and here. This post summarized what I learned. Thanks to Phil Windley and his team for encouragement and support.
Phil Windley: Imagining Trillion Node Networks Last week, I gave the opening keynote at OpenWest, the Intermountain West's largest open source conference. In fact, it may be the largest open source conference anywhere outside of OSCON. There were almost 900 people registered before it was all over. There were many interesting sessions and lots of tracks. Look for it next May.
Binary Blogger: Social Network Authentication Should Not Be Taken Seriously The Brochure Buzzword of the year is Social Network integrations. Whether it is the hot selling points for software vendors, federation presentations, or your management team pushing for the ultimate user convenience of allowing people to use their own social network accounts to authenticate into your applications, you can't get away from it. You should get away from it as fast and as quickly as you can.
Login to the real world with your Facebook account Ultimately, context is the key to understanding the appropriate use of social identities. While we may be happy browsing a retailer's website logged in with our Facebook account for a personalised experience, we are not going to be making the payment with it. Organisations that get the balance right while understanding appropriate use and context can begin their social-enablement journey with their eyes open.
Ward Cunningham: Smallest Federated Wiki Our new wiki innovates three ways. It shares through federation, composes by refactoring and wraps data with visualization. Follow our open development on GitHub or just watch our work-in-progress videos here.
NSTIC Pilot Common Considerations 4: Attributes In this fourth blog in our series highlighting some of the common questions and observations that have emerged as the NSTIC pilots have moved forward, we focus on the use and management of underlying attributes to support identity services.
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
Federating Communities, Nations and Markets in a Big-Data Economy: Lessons learned from Academia to Governments and Enterprise... European Identity & Cloud Conference 2013 16.05.2013 10:30-11:30 Track: Trust Frameworks Combined Session Joni Brennan, Kantara Initiative, Dave Kearns, KuppingerCole, Aljosa Pasic, Atos Research & Innovation, Colin Wallis, New Zealand Government The great thing about NSTIC, EUSTIC and other cyber focused identity strategies is that they attract more people and communities to the discussion. The not so great thing is that discussions have to start over and take everyone through the history and journey. What early adopters know and have practiced for some time only becomes common knowledge when the last person understands the concepts. To be clear, this is not a workshop. This is where Kantara Initiative brings together experienced Federation practitioners from around the world to answer questions like: Why do some federations succeed while others fail? What does the business of federation look like? What is inter-federation and how far are we from it?
SAML, OAuth, SCIM, XACML European Identity & Cloud Conference 2013 15.05.2013 14:00-15:00 Track: How to Build your IAM/IAG Infrastructure the Right Way - and Support Business Today Combined Session OASIS Panel: ID Protocols - Out with the Old and in with the New? Craig Burton, KuppingerCole, Peter Cummings, KuppingerCole, David Brossard, Axiomatics AB, Dr. Michael B. Jones, Microsoft, Dr. Paul Madsen, Ping Identity, Darran Rolls, SailPoint Each speaker will cover the pros and cons of one protocol and take questions from the audience.
Identity Woman: Online Community Unconference "Its BACK!" May 21st at the Computer History Museum I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe - or OCTribe. We have been considering reviving the event and the pieces have finally come together to do it.
Call For Papers - Open Identity Summit 2013 September 10th - 11th 2013, Kloster Banz, Germany Deadline for electronic submissions: May 15th, 2013 The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing.
eID & ePass 5th edition National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin.