There are more articles about EICC plus a host of other topics:
European Identity & Cloud Awards 2013 The European Identity & Cloud Awards 2013 were presented tonight by the analyst group KuppingerCole at the seventh European Identity & Cloud Conference. This award is honoring outstanding projects and initiatives in Identity & Access Management (IAM), Governance, Risk Management and Compliance (GRC), and Cloud Security.
Mike Jones: OpenID Connect Update Presentation I've posted the OpenID Connect Update presentation that I gave today during the OpenID Workshop at the European Identity and Cloud Conference. It's available in PowerPoint and PDF formats.
Axel Nennker: FIDO Alliance I am not happy with the FIDO Alliance and their FAQ does not eliminate my concerns. The major concern being: "Why isn't this going straight to a standards body?"
Martin Kuppinger: Yubico - will Google bring the breakthrough? Recently a story about Google hit the news, according to an article in Wired, "Google declares war on the password." Google wants to integrate this into the browser. Their approach is based on the idea of using a USB key or an NFC (Near Field Communication) device to log into applications. Currently, Google uses a YubiKey, developed by Yubico.
Anil John: HOW TO Visualize Access Control Use Cases With the current buzz around mobility and BYOD, there is sometimes a belief that the infrastructure and choices that exist today will have to be completely re-done in order to accommodate new devices. While I am not sure about that, I recently saw a public NASA ICAM presentation that outlined a framework for how to look at access control from an operational perspective that I found relevant.
InCommon: Shibboleth Consortium Formally Launched After several years of close partnerships across the global identity and access management communities, the Shibboleth Consortium was formally launched with the ratification and signing of its Charter by Internet2, Janet and SWITCH.
Secure Identity Alliance debuts Secure eDocuments companies 3M, Gemalto, Morpho (Safran) and Oberthur Technologies have announced the formation of the Secure Identity Alliance.
Martin Kuppinger: Another dead body in IT? Or is XACML still alive? I am clearly not suspicious being the enthusiastic XACML evangelist wearing blinders. Just ask some of the Axiomatics guys - we had many controversial discussions over the years. However, for me it is clear that neither Dynamic Authorization Management in general nor XACML in particular are dead.
Chris Wright, CA: Supporting Industry Standards From our perspective, XACML 3.0 was recently ratified and we endorse the additional activity currently underway to support REST and JSON encoding of the request/response formats which will help to keep it relevant. Standards are important when they can deliver interoperability while solving customer problems and do so within the constraint of an overtaxed IT budget and resources.
Eve Maler: THE MOBILE-CLOUD AXIS NEEDS A MODERN AUTHORIZATION SYSTEM. XACML 3 ISN'T IT It's not that we don't need an interoperable solution for finer-grained access control. But the world's demands for loosely coupled identity and access systems have gotten...well, more demanding. The solution needs to be friendly to open web API security and management. It needs to be friendly to mobile developers. And it most certainly needs to be prepared to tackle the hard parts of integrating authorization with truly heterogeneous cloud services and applications, where business partners aren't just enterprise clones, but may be tiny and resource-strapped. This admittedly gets into business rather than technical challenges, but every ounce of technical friction makes success in the business realm less likely.
Sam Curry: Adaptive IAM: On the Front Lines of Cyber Security We've been talking a lot this year about the notion of an "anti-fragile" security system - the idea that security solutions must become stronger and smarter with each attack or disorder. These solutions must be adaptable and intelligent to make detecting and responding to both current and future attacks a much quicker process.
Safeguarding Patient Information During Crisis The Healthcare Information Security Today survey, sponsored by RSA, highlights what healthcare organizations are taking into consideration to comply with the HIPAA Omnibus Rule. The survey shows that most organizations' top security priorities are preventing and detecting breaches, improving regulatory compliance and improving security training. Also, it reveals that one of the biggest perceived security threats for healthcare organizations is the growing use of mobile devices and business associates taking inadequate security precautions; only 32% of survey respondents expressed confidence in security controls of their BAs, and as you can see on the HHS "wall of shame", a majority of breaches were caused by lost or stolen devices or misplaced laptops.
Kristen Hallam, BW: Biometric Technology Combats Medical Identity Theft When a Columbus (Ohio) man was indicted by a grand jury in April on identity theft charges, the case had nothing to do with stolen credit cards or bank accounts. Instead, police say the suspect, who pleaded not guilty, used a South Carolina man's identity to obtain more than $300,000 in treatment at Ohio State University's Wexner Medical Center.
Anil John: Likelihood of Alien Invasions and Assurance Levels One of the first steps taken to protect a system from authentication errors is the determination of its assurance level requirement. That risk assessment process takes as input potential harm and likelihood of harm. This blog post looks at the applicability of the likelihood factor when assessing assurance level requirements for Internet connected systems.
John Fontana: OAuth quickly moves into maturity cycle It took a few years and a few heated discussions to push OAuth 2.0 over the finish line, but less than a year after its standardization the framework is maturing quickly as enterprises and developers tap into its authentication and authorization capabilities.
Google Identity Cookbook: OpenID Connect Google has supported the OpenID Connect project, and offers an authentication service that tracks the successive OIDC drafts. Google+ Sign-in also uses OIDC technology, taking care of the low-level implementation details. The Android auth tools in Google Play services support the creation of ID Tokens.
Phil Windley: CloudOS Will Be Open Source Today we're happy to announce that CloudOS will be open source as well. There are still some things we need to get right in the source before we release it (small things like redacting keys). When we do it will be under the GPL license.
Mark Dixon: Enabling Collaboration with Social BPM This morning, I read a recent Oracle White Paper entitled, "Transforming Customer Experience: The Convergence of Social, Mobile and Business Process Management." It gave interesting perspective on the blending of emerging paradigms - mobile and social - with the older discipline of Business Process Management.
NSTIC: The Identity Ecosystem Emerges If there is one lesson to be learned from these pilots, it is that their collective experience only underscores the need for a robust Identity Ecosystem Framework. It's been remarkable that as the five pilots, all different, have collectively progressed, they also all have dealt with struggles because of the lack of such a Framework - forcing their participants to sort out a number of thorny technical and policy issues on an ad-hoc basis.
Susie Lonie: The mobile money paradox - if everyone wants it, why is it doing so badly? The runaway success of M-PESA in Kenya led many companies to believe that MM is an easy win at relatively low cost and with little effort. Dazzled by huge customer numbers (for several years M-PESA recruited over 50,000 customers every week) and millions of transactions every day, most have failed to understand that M-PESA's success in Kenya was neither cheap, nor easy.
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
Zetetic: Building Secure Applications: June 6th at New Work City On Thursday June 6th Zetetic and The Guardian Project will be hosting an evening of short talks and conversation about the how and why of building secure mobile applications that keep the user's data encrypted and hidden from prying eyes. We'll have a few short presentations on tools like SQLCipher, IOCipher, and NetCipher and how they can be used in modern applications. We'll answer questions about general strategies and specific toolkits, and our developers will be available to chat afterwards over pizza and beer.
IDESG: July 2013 Plenary Meeting What: 5th IDESG Plenary Meeting. When: July 24-26, 2013. Where: Massachusetts Institute of Technology (MIT) Media Labs - 75 Amherst St, Cambridge, MA 02139.
Call For Papers - Open Identity Summit 2013 September 10th - 11th 2013, Kloster Banz, Germany. Deadline for electronic submissions: May 15th, 2013. The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing.
eID & ePass 5th edition National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announces the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin.