The Password Problem: An Infographic View "Password issues aren't just a memory nuisance; they're a real corporate financial burden. If passwords are the price we pay for admission in the digital world, then companies are managing the world's most expensive Lost and Found. Here is a look at where enterprise time, effort and money goes in homage to the vulnerable, and yes, we mean vulnerable, password (and how that can be corrected)." (Click the link above to see the full graphic).
Ross Anderson: How Privacy is Lost "On Friday, I went to a fascinating lobbying meeting on the new EU data protection regulation. Europe is by default the world's privacy regulator, as America doesn't care and no-one else is big enough to matter; so this is really important. Some 3000 amendments have been proposed and the regulation is in the final stages of the committee process; the rapporteurs of the various parties are negotiating compromise amendments which should be ready for a vote within weeks. So the pressure is really on."
Martin Kuppinger: The FIDO Alliance - game changer for Internet Security? "Last week, Google announced that it has joined the FIDO Alliance. FIDO stands for Fast Identity Online. The alliance was formed in July 2012. The mission is to change the nature of online authentication by providing interoperability among strong authentication devices. The alliance is working on specifications for an open, scalable, interoperable set of mechanisms that allow secure authentication of users to online services without the need for passwords for each of these services. It wishes to become a standard that allows using both existing and future strong authentication devices (those that support the FIDO standard), in an interoperable way."
Sandi Green: Three ways Shadow IT is just like the Harlem Shake "Of course, this isn't the first trend to go viral. There are countless examples, none of which I care to recall at the moment because my current revelation is this: the Harlem Shake and Shadow IT are distant dancing cousins. Here are three ways I know they're kin:"
Vittorio Bertocci: OAuth 2.0 and Sign-In "If there's a question that I dread receiving - and I receive it very often nonetheless, even from colleagues - is the following: "Why can't I provision in ACS OAuth 2.0 providers in the same way as I provision OpenID providers?" Or its alternative, linearly-dependent formulation: "Provider X supports OAuth 2.0; ACS supports OAuth 2.0. How can I connect the two?""
Paul Madsen: Which begs the question .... "In YAPAUOFA (Yet Another Post About Using OAuth For Authentication) I argue (following the lead of John and Vittorio) that the issue with trying to use OAuth OOB for authentication is that a Client can use a token it obtains 'fairly' in order to impersonate the corresponding user at some other Client. Necessarily then, a Client has gone 'bad'. Why then is this not an issue for the use case that OAuth was designed for, i.e. delegated authorization of API access? Could not such a Client also go 'bad' and do similarly malicious things?"
Adobe goes all in on the cloud, ditches Creative Suite "The latest version of Adobe's Creative Suite--the exceedingly popular design, web and multimedia software suite that includes Photoshop, Illustrator, Flash, After Effects, Dreamweaver and Acrobat--will be its last, the company announced at its MAX conference in Los Angeles. Moving forward, the company will double down on its Creative Cloud software-as-a-service offering, introduced last year."
Mark Dixon: Who Will Host My #PersonalCloud? "But my question still remains: What companies will emerge as the leading hosters of personal clouds? I don't want to host my own; I don't think my wife, as bright as she is, would learn how to do it."
Doc Searls: Bringing "Personal Cloud" to Market "Will "my personal cloud" meet the same fate? I don't think so, especially with its new logo, up there at the top. (From 99 Designs, btw.) But I also don't know. Kinda depends on how good, and usable, the tech is."
Mark Dixon: Core Identities and Personal Data Stores "I just finished reading an intriguing white paper, "Towards a Trustworthy Digital Infrastructure for Core Identities and Personal Data Stores," written by Thomas Hardjono, Dazza Greenwood, and Alex (Sandy) Pentland, all associated with MIT. I was particularly interested to see how much detail has been built around this concept of Core Identities since Dazza Greenwood and I discussed it several years ago, while I was employed by Sun Microsystems."
Upholding the Open Web with PaaS: An Interview with Mozilla's Chris Turra "Just a few blocks away from ActiveState's office in downtown Vancouver, Mozilla web operations engineer Chris Turra is working hard to fulfill his organization's mission to keep the web open. Working with his California-based colleague Brandon Burton, Turra is implementing Stackato private Platform-as-a-Service (PaaS) technology at Mozilla to help his (now-teenage) organization deploy web applications at scale."
Paul Madsen: The Quantified Self & Application Scale "That may be an acceptable burden for somebody with 2-3 separate devices (and so 2-3 native applications). But what of the neurotic hypochondriacs? Or the paranoid new parents obsessing over each cough and sniffle of their new baby - both of whom might have > 10 health monitoring applications?"
Stephen Wilson: Big Data? Big Privacy! "Ever since I've found time and time again a shortfall in the understanding that "technologists" as a class have regarding data privacy. There is a gap between technology and the law. IT professionals may receive privacy training but as soon as they hear the well-meaning slogan "Privacy Is Not A Technology Issue" they tend to say 'thank god: that's one thing I don't need to worry about'. Conversely, privacy laws are written with some naivety about how information flows in modern IT and how it aggregates automatically in standard computer systems. For instance, several clauses in Australian privacy law refer expressly to making 'annotations' in the 'records' as if they're all paper based, with wide margins."
Martin Kuppinger: What happened recently in Security? "You may not have heard of Acxiom, a company that describes itself as an "enterprise data, analytics and software as a service company" that is "known worldwide for our marketing database and consumer data". There was a report that Acxiom plans to introduce a service that allows individuals to reveal the information Acxiom knows about them. In Germany, such services are mandated by law. For instance Schufa, a company that provides information about the financial credibility, offers such a service. This is considered a part of your fundamental rights, in that case the "right for informational self-determination"."
Identity Woman: Interesting events in 2013 "This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach."
Federating Communities, Nations and Markets in a Big-Data Economy: Lessons learned from Academia to Governments and Enterprise... "European Identity & Cloud Conference 2013, 16.05.2013 10:30-11:30. Track: Trust Frameworks. Combined Session. Joni Brennan, Kantara Initiative; Dave Kearns, KuppingerCole; Aljosa Pasic, Atos Research & Innovation; Colin Wallis, New Zealand Government. The great thing about NSTIC, EUSTIC and other cyber focused identity strategies is that they attract more people and communities to the discussion. The not so great thing is that discussions have to start over and take everyone through the history and journey. What early adopters know and have practiced for some time only becomes common knowledge when the last person understands the concepts. To be clear, this is not a workshop. This is where Kantara Initiative brings together experienced Federation practitioners from around the world to answer questions like: Why do some federations succeed while others fail? What does the business of federation look like? What is inter-federation and how far are we from it?"
SAML, OAuth, SCIM, XACML "European Identity & Cloud Conference 2013, 15.05.2013 14:00-15:00. Track: How to Build your IAM/IAG Infrastructure the Right Way - and Support Business Today. Combined Session. OASIS Panel: ID Protocols - Out with the Old and in with the New? Craig Burton, KuppingerCole; Peter Cummings, KuppingerCole; David Brossard, Axiomatics AB; Dr. Michael B. Jones, Microsoft; Dr. Paul Madsen, Ping Identity; Darran Rolls, SailPoint. Each speaker will cover the pros and cons of one protocol and take questions from the audience."
Identity Woman: Online Community Unconference "Its BACK!" "May 21st at the Computer History Museum. I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe - or OCTribe. We have been considering reviving the event and the pieces have finally come together to do it."
Call For Papers - Open Identity Summit 2013 "September 10th - 11th 2013, Kloster Banz, Germany. Deadline for electronic submissions: May 15th, 2013. The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing."
eID & ePass 5th edition "National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin."