I just got back from another week's vacation so there is a lot of news items in this edition.
Ian Glazer, Gartner: Catalyst: In case you missed a session. Well the Catalyst dust has finally settled and San Diego is fading into memory. From my perspective, this year's Catalyst was a big success. Lots of great content. Lots of good energy. Lots of positive feedback. We did pack in a bunch of content this year and at any one time there were multiple sessions you probably wanted to attend. The good news this year is that we recorded all the sessions and you can watch them on Gartner Event On Demand. The following is a handy list of all the identity sessions and link to the videos.
Tim Bray, Google: Why Federate? Part of my job these days is convincing people to get out of the password business and start "Federating"; that is to say, outsource the login mechanics to an "Identity Provider" (IDP) like Facebook or Google or Microsoft or Twitter (and there are lots more). I've given the sales pitch quite a few times now; here it is.
Tim Bray, Google: Federation Conversation I published Why Federate? last week, arguing that apps should get out of the password business. Ouch! I got ferocious pushback in my comments, on Twitter, and on the accompanying G+ post. Take a minute and read a few. Clearly we need to Bray, Google a conversation.
Tim Bray: FC 1: Who Learns What When you click on the dark-blue button to sign in with Facebook (or bright red for Google) what does Facebook (or Google) learn about you? What does the app you're signing into learn about you? Uncertainty makes people nervous about federated login.
Tim Bray, Google: FC2: Single Point of Failure? If you rely on an Identity Provider ("IDP") to sign into lots of apps, here are two things to worry about: If the IDP gets hacked, do the bad guys get into all your apps? And if you lose your IDP account, are you locked out of all of them?
Dave Kearns, KuppingerCole: Take strong authentication into your own hands It was just a couple of months ago that trend-watcher The Next Web announced that Google Chrome had overtaken Microsoft's Internet Explorer as the Web's most used browser, a position that IE had held since, well, way back in the last century. So it's unfortunate that just last week it was revealed (yet again) that Chrome is not very protective of stored passwords.
Identity And Access Management (IAM) Market Worth $10.39 Billion By 2018 The report "Identity and Access Management (IAM) Market [(On Premise, Cloud IAM), By Components (Provisioning, Directories, SSO, Advanced Authentication, Password Management, Audit, Compliance & Governance)] - Global Advancements, Forecast & Analysis (2013-2018)", defines and segments the IAM software market into various sub-segments with in-depth analysis and forecasting of revenues. It also identifies drivers and restraints for this market with insights on trends, opportunities, and challenges.
Gluu SXSW Interactive Picks Voting for SXSW interactive sessions has started. Every day until voting ends, Gluu is adding a new session to our vote recommendation list. You'll need to register with SXSW Panel Picker to be able to vote. No social login accepted. Maybe next year SXSW will support OpenID Connect authentication from any domain!
Gluu: We're RE-OPENING the OpenID Connect & UMA crowdtilt Monday 8/26!! Due to key contributions from ForgeRock, Symas, and Falcon SC, our Crowdtilt campaign to fund OpenID Connect and UMA plugins for Apache web servers is guaranteed to "tilt"!! In order to take the new donations, we are excited to announce that the campaign will be re-opened for 3 days until Thursday, August 29th!
Groklaw: Forced Exposure So this is the last Groklaw article. I won't turn on comments. Thank you for all you've done. I will never forget you and our work together. I hope you'll remember me, too. I'm sorry I can't overcome these feelings, but I yam what I yam, and I tried, but I can't.
Brad Tumy: Deciphering Microsoft's Hybrid IT Identity Strategy I recently had the chance to talk with Brad Anderson, Microsoft's corporate vice president for Windows Server & System Center, in advance of his post last Friday about the role identity plays in the company's Cloud OS architecture and its identity strategy in general.
Tyler Shields, Forrester: Mobile Application Security Maturity - Leveling Up I've created a survey to determine current baseline enterprise mobile application maturity levels. If you are involved in the mobile management and security decisions of your enterprise now is your time to help. Please go to the survey link below and fill out the form. I will summarize some of the findings in a future blog post.
What the CIA Private Cloud Really Says About Amazon Web Services When the CIA opted to have Amazon build its private cloud, even though IBM could do it for less money, a tech soap opera ensued. Lost amid the drama, though, is a perfectly reasonable explanation why Amazon Web Services makes sense for the CIA - and why a disruptive AWS represents the future of the cloud.
Peter Brantley, Hypothes.si: Annotating the law This last week, Hypothes.is coordinated our second "tiger team," convening communities likely to have a strong interest in open annotation, interaction, and new forms of access. The event was co-hosted by the Berkman Center for Internet and Society at Harvard University.
Holger Reinhardt, Layer 7: What ist DaaS? We live in the age of Big Data but Big Data is not showing up to the party alone. Fast data and open data are also coming along for the ride. This is why we need an "as-a-service" approach to data sharing.
Naomi Lefkowitz, NSTIC: Does That Cloud Look Like A Pig? Putting the Fed in Federation: Part II Back in February, if you read our post on "Putting the Fed in Federation: The U.S. Government as Early Adopter of the Identity Ecosystem" and thought "when pigs fly," you probably weren't alone. But with the announcement that the United States Postal Service (USPS) has awarded SecureKey Technologies with a contract to stand up the Federal Cloud Credential Exchange (FCCX), you might just want to keep your eye on the horizon.
Anil John: Federated Credential Use. A Tale of Poultry and Public Sector Using federated high assurance private sector credentials to access public sector services has a chicken and the egg problem. This may require the immaculate conception of a chicken, and not just in the public sector, to move the ball forward. Some thoughts, pointers and perspectives on the issue.
FICAM Trust Framework Solutions TFPAP Update v1.1.0 This is a point update that does not change any of the existing TFP processes but instead: Acknowledges an existing internal Government process in order to recognize non-federally issued PKI providers, who are cross-certified with the Federal Bridge, as approved Credential Service Providers under the FICAM Trust Framework Solutions umbrella.
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
Trusted Computing Conference Sep 9-12, 2013 Orlando, FL, USA The Trusted Computing Conference brings together experts in the field of computer security to discuss, explore, promote and emphasize the critical need for standards-based computer security.
Open Identity Summit 2013 September 10th - 11th 2013, Kloster Banz, Germany The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing.
pii2013 The 4th annual Privacy Identity Innovation conference, pii2013, will be held September 17-18 at the Bell Harbor International Conference Center in downtown Seattle.
Digital Enlightenment Forum 2013 The 2013 edition of the annual event of the Digital Enlightenment Forum (DEF) will take place from September 18 to 20, 2013 at the Crowne Plaza Hotel in Brussels on the theme "Personal data and citizenship in the digital society".
User-Centric ID Live Opportunities for relying parties in NSTIC and the new identity ecosystem October 15-16, 2013 - Washington Convention Center, Washington, D.C.
eID & ePass 5th edition National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of October @Intercontinental Berlin.
InCommon Advance CAMP: Identity Services Summit November 12-13, 2013 San Jose, CA https://spaces.internet2.edu/display/ACAMP2013/Home Part of the 2013 Identity Week (www.incommon.org/idweek) Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati at Advance CAMP. Explore the state of the art in identity services and discuss the leading edge work that's taking us there.
InCommon: CAMP Cloud: Identity and Access in an Era of Outsourced Services November 14-15, 2013 - San Jose, CA Part of the 2013 Identity Week (www.incommon.org/idweek) Are your campus stakeholders looking at cloud-based solutions? Are you experiencing challenges or do you have concerns with outsourcing email, storage, or other essential services? Are you concerned about the management and maintenance of an accurate, accountable identity inventory?
KuppingerCole Information Risk & Security Summit 2014 Nov 27-28, 2013, Frankfurt, Germany The Information Risk & Security Summit Frankfurt 2014, taking place on November 27 - 28, 2013 at the Frankfurter Innovationszentrum FIZ Conference Lab, Frankfurt/Germany, offers an unseen combination of thought leadership and interactive session formats, tackling the most demanding questions IT professionals are confronted with: How to support the extended & connected enterprise with brilliant services without taking too many too big risks.