But there were five other writers with opinions worth considering - check them out below, along with the rest of the week's news:
Chaos Computer Club breaks Apple Touch ID The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's Touch ID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID. This demonstrates - again - that fingerprint biometrics is unsuitable as an access control method and should be avoided.
Tim Bray: The Fingerprint Hack Today, Germany's Chaos Computer Club claims to have hacked the iPhone 5s Touch ID. Since I now get paid to think about Identity stuff all the time, I'll think out loud about the question: "Is Touch ID a good idea?"
Ian Yip: Authentication debate fuelled by Apple Touch ID is in itself a game changer There's a good debate on ZDNet between John Fontana and David Braue around the issue of whether Apple's Touch ID is a game changer. I've spoken to, discussed things with and read stuff written by both these guys, so I can vouch for the fact they know what they are on about, which is why I'm sort of fence sitting in the context of their actual debate. But if someone shook the fence I'm currently sitting on vigorously and I assume the question was framed around Touch ID in its current form (or rather, how it will be when the iPhone 5s is released in a few days), I'd probably fall onto the side that John's on.
RSA: Smartphones & Biometrics: The Big Picture Security practitioners will look at this announcement and find flaws with Apple's implementation of Touch ID, but the big picture here has to be that this move could herald a new age of mobile-based, consumer friendly biometrics with a potential to make our online experiences more secure. Good swiping!
Stephen Wilson: How Bart Simpson might defend Touch ID Security is about economics. The CCC attack is not a trivial exercise. It entailed a high-resolution photograph, high-res printing, and a fair bit of phaffing about with glue and plastics. Plus of course, the attacker needs to have taken possession of the victim's phone because one good thing about Apple's biometric implementation is that the match is done on the device. So one question is, Does the effort required to beat the system outweigh the gains to be made by a successful attacker? For a smartphone with a smart user (who takes care not to load up their device with real valuables) the answer is probably no.
Say goodbye to the password Technology companies are developing alternatives, including built-in fingerprint readers, voice recognition and authentication tokens.
Anil John: User Enrollment Challenges with PKI Credentials First-time user enrollment in a federation environment, when the credential used is an X.509 certificate issued from a Public Key Infrastructure (PKI), often brings unique challenges. This blog post explores those challenges and some potential approaches to addressing them.
Martin Kuppinger: Understanding Azure Active Directory Some time ago, Microsoft unveiled its Azure Active Directory (AAD). During recent weeks, I have had several discussions about what AAD is. First of all: It is not just an on-premise AD ported to Azure and run as a Cloud service. Despite relying in its inner areas on proven AD technology, it differs greatly from on-premise AD. It is a new concept, going well beyond a classical directory service and integrating support for Identity Federation and Cloud Access/Authorization Management.
David Pignolet: Don't Forget (All) the People It's a scary proposition when you think about it because who actually knows who these people are? Where's the accountability? These non-employees certainly don't have the same level of loyalty to the organization as employees, yet they are often granted the same or similar access with a fraction of the due diligence.
Tim Bray: FC7: Users vs Apps When a person signs into an app, that's a transaction, and value is exchanged. Who comes out ahead on the deal?
Tim Bray: Editing JSON No real news of any significance here. But I'm amused, because there's a file I'm editing called "json.xml", sort of like how, fifteen years ago, I was putting cycles into editing a file called "xml.xml".
Identity Woman: Interesting events in 2013 This is a calendar of events that I know in 2013 (and beyond). I think they're interesting, I'm currently planning on attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
12th Annual Smart Card Alliance Government Conference Washington, DC; October 14 - 16, 2013 | 8:30 AM - 5:00 PM The 12th Annual Smart Card Alliance Government Conference will survey opportunities and challenges for government issuers, accreditation and testing authorities, procurement programs, and the industry to meet the government's market demands.
User-Centric ID Live Opportunities for relying parties in NSTIC and the new identity ecosystem Oct. 15-16, 2013 - Washington Convention Center, Washington, D.C.
eID & ePass 5th edition National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in BERLIN 2013, 28th & 29th of Oct. @Intercontinental Berlin.
InCommon Advance CAMP: Identity Services Summit Nov. 12-13, 2013 San Jose, CA. https://spaces.internet2.edu/display/ACAMP2013/Home Part of the 2013 Identity Week (www.incommon.org/idweek) Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati at Advance CAMP: !
InCommon: CAMP Cloud: Identity and Access in an Era of Outsourced Services Nov. 14-15, 2013 - San Jose, CA. Part of the 2013 Identity Week (www.incommon.org/idweek) Are your campus stakeholders looking at cloud-based solutions? Are you experiencing challenges or do you have concerns with outsourcing email, storage, or other essential services? Are you concerned about the management and maintenance of an accurate, accountable identity inventory? Come learn about solutions being discussed and implemented across higher education.
KuppingerCole Information Risk & Security Summit 2014 Nov. 27-28, 2013, Frankfurt, Germany Taking place at the Frankfurter Innovationszentrum FIZ Conference Lab, the summit offers an unseen combination of thought leadership and interactive session formats, tackling the most demanding questions IT professionals are confronted with: How to support the extended and connected enterprise with brilliant services without taking too many big risks.