Dave Birch (@dwgbirch) is one of the two people I read who really seem to get the intersection of digital identity and banking. (Peter Vander Auwera, @petervan, is the other.) Here he explains how if you don’t have cash, you need a reliable identity. (He credits Sir James Crosby with having coined this phrase.)
- Dave Birch: “Identity is the new Money”. Brilliant - I wish I’d said that
“If you know who all of the counterparties to a transaction are, and can establish their "credit" then there is no need for cash. Identity substitutes for cash: when I go into Waitrose and pay with my John Lewis MasterCard, it's an identity transaction. The terminal in Waitrose establishes that I have access to a line of credit that means that Waitrose will be paid. No actual money moves between my card and the Waitrose till. On the other hand, when I buy an apple from a market stall and pay for it with a pound coin, the stallholder doesn't need to waste any time or money trying to establish who I am, because he doesn't need to trust me. He just needs to trust the pound coin, which he self-assays. It's not that there are no counterfeit pound coins, because there are, but that there are too few of them to disrupt commerce (and, to be honest, if you give the smallholder a counterfeit coin and he later detects the fraud, he will probably just palm it off on someone else).”
There were many other items of interest to the identity community this week:
General
- IRS Intensifies National Crackdown on Identity Theft; Part of Wider Effort to Protect Taxpayers, Prevent Refund Fraud
“Continuing a year-long enforcement push against refund fraud and identity theft, the Internal Revenue Service today announced the results of a massive national sweep in recent weeks targeting identity theft suspects in 32 states and Puerto Rico, which involved 215 cities and surrounding areas. The coast-to-coast effort against 389 identity theft suspects led to 734 enforcement actions in January, including indictments, informations, complaints and arrests. The effort comes on top of a growing identity theft effort that led to 2,400 other enforcement actions against identity thieves during fiscal year 2012.”
- Phil Hunt: OAuth2: Is OAuth the End of SAML? Or a New Opportunity?
“I mentioned in my year in review post that rather than spell the end of SAML, OAuth2 might in fact greatly expand SAML's adoption. Why is that?”
- Ian Glazer: How to Deprovision a Pope in 6 Easy Steps
“Recent announcements got me thinking about how to deprovision executives such as a Pope. Never had to deprovision a Pope before? No worries. We’ve come up with a sure-fire 6 step process guaranteed to help you help your Pope incur a separation from payroll.”
- Mary Ruddy: What Does Federated Identity Mean in a World of Modern Identity and Access Management?
“The forces of cloud, mobile devices, social media and electronic data (context) continue to drive new waves of change in the Identity and Access Management (IAM) space. (Gartner calls these forces the Nexus of Forces.) Originally the phrase “federated identity” meant that partners could use their own logins to access enterprise resources, or an employee could access multiple systems from different without having to login multiple times using different credentials (Single Sign-On.)”
- Don Thibeau: OpenID Foundation 2013 Community Board Member Election Results
“Thanks to all who voted for the board members who will represent the community at large on the OpenID Foundation Board of Directors. Nat Sakimura, John Bradley, Mike Jones and George Fletcher have been elected to two year terms. All are returning community board members, ensuring continuity and deep technical expertise to the Foundation. Henrik Biering was elected to a one-year term and together with Axel Nennker brings an important European perspective to our international adoption initiatives. The re-elected will join current community members Greg Keegstra and Axel Nennker, now serving the second years of their terms and sustaining corporate representatives; Pam Dingle of Ping Identity, Farhang Kassaei of PayPal, Tony Nadalin of Microsoft, Paul Agbabian of Symantec, Peter Tippett of Verizon, and Eric Sachs of Google on the board.”
- Stephen Wilson: Technological imperialism
“Biometrics seems to be going gang busters in the developing world. I fear we're seeing a new wave of technological imperialism. In this post I will examine whether the biometrics field is mature enough for the lofty social goal of empowering the world's poor and disadvantaged with "identity".”
- John Fontana: PayPal, Lenovo spearhead effort to kill passwords
“FIDO Alliance aligns smart devices, authentication but will its scope be broad enough and its appeal wide enough.”
- Dave Kearns: Protecting who you are
“At last week’s Kaspersky Labs Analyst Summit, Chief Marketing Officer Alexander Erofeev said that for 2013 the phrase “protecting who you are” would be the theme for the company. This made me pause and think about what “who you are” means. Of course, as an Identity Management analyst my first thought was that it was identity, and identity attributes, that Erofeev was talking about. But further reflection (and the rest of his presentation) led me to understand that it’s really Information Stewardship that the company is leaning towards – even if they don’t use the term.”
- Jackson Shaw: Your Password Is Obsolete
“I thought I would pass on this graphic I found at backgroudcheck.org!”
- Phil Hunt: 3 Parts to Authentication
“At the IETF85 meeting in Atlanta, I ran into Phillip Hallam-Baker after a meeting on HTTP Authentication (you may recall, Phillip is one of the editors of RFC2617 - Basic and Digest Access Authentication). We were talking about how the term "authentication" is very poorly defined and means different things to different people and different service components.”
- Identity Woman: Digital Agenda for Europe - Manifesto
“The Onlife Manifesto - being human in a hyperconnected era”
- Andrew Nash: Alpha Centauri, Identity and learning stuff
“Over the last couple of years I have been involved in a different type of Alpha, part of the UK Govt. Identity Assurance Programme (IDAP). These Alphas have a similar set of characteristics to Cen AB… The goal of the IDAP Alphas is to test a range of consumer identity propositions and see what happens. Many of our other identity efforts tend to fall into the category of large scale architectural and long term “meta everything” projects.”
- John Fontana: Cybersecurity debate won't amount to a hill of default passwords
“The black hats are getting more sophisticated, but unfortunately the white hats are making the same old rookie mistakes”
- Top 10 Reasons Valentines are Like Passwords
“Happy Valentine’s Day from the Okta team! We’ve had some fun thinking about chocolate, flowers and all things Enterprise Identity and came up with the Top 10 11 reasons valentines are like passwords. Enjoy!”
- Mark Dixon: Identities and Relationships: Enable and Protect
“My thoughts for this post were triggered primarily by two items – me beginning to read “Emergence of the Relationship Economy” and reading Nishant Kauskik’s tweet Monday: Is Identity The New Perimeter? – http://t.co/gSQwni5d . Check out the article to see my answer. Hint: It might surprise you. #IAM”
- Mark Dixon: Identities and Relationships
“In line with my post yesterday about viewing identities and relationships from the vantage points of “enabling” and “protecting,” I created three diagrams to illustrate how relationships between people and resources or other people provide the opportunity for value creation.”
- Anil John: These Are Not The LOAs (1+,2+,3+) You Are Looking For. Move Along
“Requiring assurance commensurate with application or transaction risk has been a fundamental tenet when it comes to Levels of Assurance. In this blog post, I look at options to consider when there is a mismatch between assurance(s) available from token/identity/credential providers and the assurance needed by a relying party.”
[LinkedIn follow-up discussion: Looking for pointers to risk management practices of operational federations]
Technology
- Vittorio Bertocci: The Name claim: sometimes it’s the simple things
“In short: we just updated the list of claims we issue from Windows Azure AD to provide the UPN of the user (“user@domain”) in the Name claim (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name). If it is present, WIF automatically assigns the value of the Name claim to the Name property of the Principal in the current thread. Why is that different from any other claims? Well, the Name property comes from the IPrincipal interface, which pre-dates claims support in .NET by many years. There’s a lot of existing code (ASP.NET templates, components, etc) which rely solely on IPrincipal for things such as displaying the name of the current user, keying profile stores, and similar. Therefore, issuing the Name claim means that all of that existing code relying on the Name property will work seamlessly out of the box, without the need for you to create explicit mappings between an arbitrary claim type and the Name property.”
Events
- James D. Robinson, Former American Express Chairman and CEO added to CSA Summit Keynote Lineup
“The Cloud Security Alliance (CSA) today announced the addition of James D. Robinson III as the closing keynote speaker at the annual CSA Summit 2013 being held at the RSA Conference on Monday, February 25th.”
- Kantara Initiative to Appear at HIMSS13
“New Orleans welcomes the 2013 HIMSS Annual Conference and Exhibition, March 3-7, 2013, at the Ernest N. Morial Convention Center. More than 36,000 healthcare industry professionals are expected to attend to discuss health information technology issues and review innovative solutions designed to transform healthcare.”
- SX GoLab Identity Biergarten
“Gluu
Saturday, March 9, 2013 from 5:00 pm to 8:30 pm (PST), Austin, TX
Insiders know that some of the most exciting and important events that take place in Austin, Tx., during this time of year are the ones that take place on the fringe of the marquee interactive festival that is happening in the middle of downtown Austin March 8 – 12. South by GoLab is THE event for technology-focused companies and the businesses that serve them. Think of South by GoLab as the off-Broadway show that generates as much or more excitement than the Broadway show.”
- Cloud Identity Meetup
“Gluu, Monday, March 11, 2013 from 12:30 pm to 1:30 pm (PDT), Austin, Tx.
Join Gluu CEO & Founder Mike Schwartz for an official SXSW meetup and discussion on current Internet standards for identity from the IETF and other relevant organizations, including OAuth2 and OpenID Connect.”
- 5th Federated identity management for research communities (FIM4R) Meeting
“Villigen (Switzerland), 20-21 March 2013
This workshop is the fifth in a series that started in summer 2011 to investigate Federated Identity Management for Research (FIM4R) collaborations.”
- First eID-Network Conference
“Brussels, 20 March 2013
The first eID-Network Conference will be held on March 20th, 2013 in the Egmont Palace in Brussels, in close cooperation with the annual EPCA Payment Summit. The eID network conference focuses on eID in relation to online services toward persons, businesses and governments. We believe eID and related concepts are crucial for advancing e-business transactions, therefore we refer to this as ‘transactional eID’.”
- Dan Whaley: I Annotate: A Workshop
“After two decades of progress in infrastructure and web technologies, we believe the time is finally at hand to realize the widespread annotation of human knowledge. On a recent call a suggestion was made to bring together people building annotation solutions with those that ultimately will use them. The obvious sensibility of that idea led a number of us to approach the Andrew W. Mellon Foundation for funding for a workshop, which they approved several weeks ago. We’re calling it I Annotate, and it will be April 10-12, here in San Francisco, at the Fort Mason Center.”
- Internet Identity Workshop XVI #16 - 2013A
“Phil Windley, Kaliya Hamlin, & Doc Searls
Tuesday, May 7, 2013 at 8:00 am - Thursday, May 9, 2013 at 4:00 pm (PDT)
Mountain View, CA
Super Early Bird Ticket Feb 18, 2013”
- European Identity & Cloud Conference 2013
“May 14 – 17, 2013 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany.”
- Call For Papers – Open Identity Summit 2013
“September 10th – 11th, 2013, Kloster Banz, Germany
Deadline for electronic submissions: May 15th, 2013
The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing.”
APIs
Cloud Computing
Mobile
- Ken van Wyk: The front lines of software security wars
“There are wars being fought out there, and not just the ones we hear about in the media. I'm talking about "software security wars", and nowhere are they more apparent than in the iOS jailbreaking scene. What's going on there is fascinating to watch as an outsider (or, I'll bet, as an insider!), and could well be paving the future of secure software.”
Valuable Identity
- Anil John: FFIEC and NIST Authentication Guidance: Does a Token Venn Diagram Exist?
“The two sets of authentication guidance created by the US Government that are widely used in the private sector are the Federal Financial Institutions Examination Council (FFIEC) authentication guidance to financial institutions, and the NIST Electronic Authentication Guideline. This blog post takes a look at a sub-set of the guidance that is focused on what each deems acceptable for authentication controls and tokens.”