Network World

Security Identity Management Alert

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

Search Security Identity Management Alert Free-email newsletter: Identity management news and resources from NetworkWorld.

IDaaS picks up steam: 07/02/09; The buzz around Identity as a Service is heating up. I'll be discussing this in an online Webinar later this month ("Externalizing Identity into the Cloud,") but there are a couple of things I want to mention today that should be of interest.
Imprivata advances sign-on technologies: 06/30/09; I had a chat with Imprivata CTO David Ting last week about the new Imprivata OneSign FastPass. It's interesting in its own right, but what grabbed me was something that's on the horizon for an upcoming release.
IBM upgrades Tivoli Identity Manager: 06/26/09; Lots of announcements hitting the wires over the past couple of weeks, so we'll do a quick roundup in this issue and the next, and then go in depth in later issues for the announcements that warrant it.
A look at the Kantara Initiative: 06/23/09; Last week, with great fanfare, the Kantara Initiative was announced. In a burst of bravado, the initial press release was headlined "Kantara Initiative Reshapes Global Identity Landscape Based on Industry-Wide Collaboration." But just what is this group?
A new definition of infrastructure: 06/19/09; A couple of weeks ago I used the abbreviation IaaS for "Identity as a Service". Some people (including my editor) wondered about the alternative IdaaS. I said I'd stick with IaaS, but a paper I just read leads me to change that.
Identity management defined: 06/16/09; There's an important new document available in the field of "user-centric" identity, and it's one I think we should all read.
Identity gets lost in the cloud: 06/12/09; With everyone seemingly caught up in cloud computing, I was struck by this quote from a CNN story: Microsoft's "newest Internet software and applications project, Next Generation Windows Services (NGWS), aims to provide services to businesses such as records storage, billing, personalization, voice-to-text translation and other capabilities delivered via the Internet rather than by way of a local server." Sounds like cloud-based computing, doesn't it?
Securing the cloud: 06/09/09; Everyone these days seems to want to talk about "the cloud". Cloud computing is the latest buzz phrase that all vendors seem to want to attach to their product. But, as I mentioned some weeks ago ("Identity management is key to the proper operation of cloud computing", proper identity management is often lacking in the rush to cloud-enable services and applications. While the Cloud Computing Manifesto (see that earlier newsletter) pays lip service to identity needs, what's actually happening in the marketplace?
What does Level of Assurance really mean?: 06/05/09; In one of the mailing lists I read (and I do read a ton of electronic bumpf in order to glean an enlightening paragraph or two), there's been a discussion lately of the phrase "Level of Assurance" (LoA) with at least one gentleman (well known in enterprise architecture circles, but who shall remain nameless here) trying to equate it with "trust" or even "level of trust" (a new coining, I think). So what does LoA really mean?
Start-up tackles identity-as-service: 06/02/09; The mantra of the federation generation could be "no corporation is an island" and that's been taken as the marketing slogan for a new identity-as-a-service start-up called "GLUU."
Hardware and identity management: 05/29/09; Those of you who know me know that I rarely get excited about hardware. And while I'll be telling you about two hardware companies in this newsletter, it isn't the hardware I want to talk about, but what these companies do with it.
ProtectServe in the IIW spotlight: 05/26/09; Speaking about signal to noise ration at last week's Internet Identity Workshop (as discussed in the last newsletter), the informality of the event can sometimes be very detrimental to the educational opportunities.
Giving the IIW another shot: 05/22/09; I headed off to the Computer History Museum in Mountain View, Calif., last week, for the latest instance of the Internet Identity Workshop. Some of you may recall that, after last fall's gathering (the IIW meets twice a year) I was less than enthusiastic. Still, people whose opinion I respect suggested I give it another chance. So I did.
Recognizing standards: 05/19/09; One of the highlights of the recent European Identity Conference was the conferring of the European Identity Awards, which recognize outstanding projects, innovations and additional developments in standards -- an area that should get even more recognition.
Maybe it should be "Human-centric identity": 05/18/09; Is the OpenID community making a fatal error when it assumes that an identifier always refers to a single, unique, human individual? That question arose on the OpenID general discussion list recently and the answers, to me at least, appear troubling
The regional, cultural and national differences of identity management: 05/13/09; Last week's European Identity Conference was, as always, a wonderful look at not only European advances in identity management, but what's happening worldwide. I had the opportunity to host panel discussions that included people from Germany, Holland, Sweden, Norway, France, Italy, the U.K., Belgium, Canada, the U.S., Australia and India. It's a wonderful way to discover that although identity management theory is pretty much the same the whole world over, the practice, or implementation, of that theory has many regional, cultural and national differences.
The feeling of greater security tempts us to be more reckless: 05/11/09; The recent newsletter - rant, really - about the National Institute of Standards and Technology (NIST) white paper on enterprise password management ('Managing' passwords doesn't make them less unsafe) elicited a number of comments, some not very complimentary.
Give users passwords they don't have to remember: 05/06/09; In the last issue we were talking about username/password technology for modern networks and how to "manage" them. My suggestion was to manage to boot the technology out the door.
'Managing' passwords doesn't make them less unsafe: 05/04/09; In his newsletter last week my colleague M.E. Kabay points us to a draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management." Maybe next they'll draft guidelines for the proper use of buggy whips!
Oracle, Sun deal brings back the glory days of FUD: 04/29/09; Last issue I started talking about the Oracle acquisition of Sun and what it means to the identity management industry and, most importantly, the identity management customers. One issue that cropped up in my conversations with vendors, consultants and users surprised me, since I thought we were well beyond the glory days of FUD.
The biggest losers in the Oracle, Sun deal: 04/27/09; Last week was the annual RSA Conference, which was the reason for lots and lots of press releases being, well, released. Unfortunately (depending on your point of view), most of them got overlooked because two Silicon Valley "legends-in-their-own-time" shook hands on a blockbuster deal as Oracle agreed to purchase Sun.
Making contextual judgments about access before authentication: 04/22/09; Regular readers will know that I'm a big fan of context-based access. I like the idea of gathering as much context information as possible and using it for authentication and authorization as well as governance and entitlement. But suppose we could make contextual judgments about access even before authentication?
Siloed reputation management vs. small town reputation management: 04/20/09; Recently, I was talking about the relatively new identity management area of online reputation management. Some siloed reputation management systems were mentioned (e.g., eBay, Yelp, Trip Advisor), which are the ones always mentioned whenever identity management visionaries get together. But, in reality, what we're looking for goes back much farther than the online age.
Pimp my directory: 04/15/09; A reference came in just after I'd written last month's lament about the lack of new endeavors in the realm of directory services. I put it aside, but it's worth taking a look at now.
Identity management is key to the proper operation of cloud computing: 04/13/09; One of the hot buttons, or buzz phrases, these days is "cloud computing." Boiled down, it's just like client-server computing except: a) you don't own the server; b) you don't know where the server really is; and c) you may not even know where your data resides. All that aside, there remains the issues of authentication and authorization; provisioning; entitlement management; governance; compliance; risk management; single sign-on; and all of the other facets of identity management. Is anybody even thinking about those?