The National Security Agency is not just about spying on everything communicated on the Internet. They also have responsibility for technical security standards in the government. Chris Maher started a discussion on LinkedIn about a talk where the NSA weighs in on BYOD:
Alex Salazar: Long Live The Password "Last year Microsoft Research posted a great paper on passwords in an attempt to answer the question, "After 40 years of security research, why is the password still dominant?" Surprisingly, most security people haven't read it. Not hard to guess why--it's a dense 15-page academic paper titled "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes." We've decided to post a summary of the paper, with some of our own thoughts, for the betterment of security for all."
Ben Adida: Persona is distributed. Today. "Of course, in the long term, Persona is meant to be distributed: email@example.com should be verified and certified by the administrators of example.com. If example.com wants to use 2-digit passwords, they can. If they want to use retinal scans powered by your webcam, they can. It's up to them. With each domain able to customize its authentication protocol with its users, the Web becomes more secure."
Ian Glazer: Google Glass, Privacy, and a Book Recommendation: It's all in the post-processing "I saw my first pair of Google Glass at the IAPP's Privacy Summit a few weeks back. I can't say for certain but I've got a feeling that the wearer was not only loving the utility his pair of Glass provided but also the circumspect looks shot his way by hundreds of privacy professionals. This got me thinking about how societal privacy issues are born - not just with Google Glass but with any technology."
Michel Prompt: Token Translation and Internal Authentication: Where Your Federation Needs a Federated Identity "I ran into Ian Glazer at last week's Gartner IAM conference. It was an excellent event, and the weather was so cold in London (or perhaps that's just my inner Californian talking) that the crowd was even more attentive than usual. Although he had places to go and people to see, Ian gave me some quick but very valuable feedback about this blog series in response to his video about killing IAM to save it. His big takeaway was that "it's not about the storage.""
Martin Kuppinger: Do we really want an unsecured connected vehicle? "I know that several car manufacturers are investing in PKI and related technologies to secure communication among various components. That might work for the components within a car, but it will not be sufficient for the bigger ecosystem of the connected vehicle I have outlined above. What we need are bigger concepts, cross-industry, integrating all the related parties and components. The good thing is that many of the answers to the challenges of a connected vehicle are there."
Francisco Corella: New Research on Mobile Authentication "In the next few posts I will be reporting on research that we have been doing over the last six months related to cryptographic and biometric authentication, focused on mobile devices. I have held off from writing while we were doing the research but now I have a lot to say, so stay tuned."
Mark Dixon: LinkedIn Should Use Connect.me "However, LinkedIn could certainly take lessons from Connect.me, or better still, use Connect.me, when it comes to vouching for and cataloging a person's capabilities. Here are some deficiencies in the LinkedIn approach that are much better implemented in Connect.me:"
Binary Blogger: Mobile Apps vs. Mobile Access "I think I know why. Most people, non-Hardcore nerds, have a hard time differentiating mobile web access and mobile app access. These are two completely different things with different considerations you need to be aware of."
Dave Kearns: Information Stewardship and BYOD news for you "The first is about the current buzzword acronym BYOD (for "Bring Your Own Device") which my colleague Martin Kuppinger just released an advisory note about ("today it's almost exclusively mobile devices - smartphones, tablets, 'phablets,' etc. - that are referred to with BYOD: a focus that is too narrow...") but which appears to be with us at least for the near term. The new piece is a survey, commissioned by a group of Cisco partner firms led by Pine Cove (based in Billings, MT)."
Identity Woman: Interesting events in 2013 "This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach."
Identity Woman: She's Geeky Seattle: April 26-27 "She's Geeky is a kind of magical event where women geeks of all kinds, gaming geeks, linux geeks, fandom geeks, crafting geeks, beekeeping geeks, drupal geeks, raspberry pi geeks, Arduino geeks, geeks in training, come together and hang out learning from each other."
Identity Woman: Online Community Unconference "Its BACK!" "May 21st at the Computer History Museum I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe - or OCTribe. We have been considering reviving the event and the pieces have finally come together to do it."
Dan Whaley: I Annotate: A Workshop "After two decades of progress in infrastructure and web technologies, we believe the time is finally at hand to realize the widespread annotation of human knowledge. On a recent call a suggestion was made to bring together people building annotation solutions with those that ultimately will use them. The obvious sensibility of that idea led a number of us to approach the Andrew W. Mellon Foundation for funding for a workshop, which they approved several weeks ago. We're calling it I Annotate, and it will be April 10-12, here in San Francisco, at the Fort Mason Center."
SAML, OAuth, SCIM, XACML "European Identity & Cloud Conference 2013 15.05.2013 14:00-15:00 Track: How to Build your IAM/IAG Infrastructure the Right Way - and Support Business Today Combined Session OASIS Panel: ID Protocols - Out with the Old and in with the New? Craig Burton, KuppingerCole; Peter Cummings, KuppingerCole; David Brossard, Axiomatics AB; Dr. Michael B. Jones, Microsoft; Dr. Paul Madsen, Ping Identity; Darran Rolls, SailPoint. Each speaker will cover the pros and cons of one protocol and take questions from the audience. "
Call For Papers - Open Identity Summit 2013 "September 10th - 11th 2013, Kloster Banz, Germany Deadline for electronic submissions: May 15th, 2013 The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing."
eID & ePass 5th edition "National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin.