Microsoft SharePoint popularity comes with issues
Microsoft's SharePoint Server 2007 may be taking off in the enterprise, but the software doesn't come without holes, warts
and a variety of other issues that need to be addressed in any corporate deployment. More..
Catalyst keynote speaker: 'We need to think differently'
Last week was the annual Burton Group Catalyst Conference and, like last year, the announcements came fast and furious. There
were new products, new companies and even a new organization. It's going to take a few newsletters to cover them all, so I
better get started. First, though, I want to capture the overall theme and tone of the conference. More..
Risk now the target with identity management
Identity management is evolving to include a closer recognition of risk and how to manage it rather than trying to eliminate
it using technology, according to the head of the Burton Group consulting firm. More..
Hosted identity service breaks out
More..
Yahoo Mail vulnerability discovered, fixed, company says
Yahoo today said it has fixed a vulnerability discovered in Yahoo Mail that would have allowed an attacker to gain control
of the victim's Yahoo Identity. Security vendor Cenzic discovered the flaw last month and reported it to Yahoo, which fixed
it on June 13, according to the company. More..
Re-using employee ID numbers, or not
Sometimes a clarification succeeds only in further muddying the waters. That's what I did last week, not for the first time
either. Probably won't be the last, though. It's concerning that issue of re-using identifiers and re-using employee ID numbers.
At the risk of further muddying things, let's take a final look (for now) at the issues. More..
Sun upgrades Identity Manager software
Sun has released the next version of its provisioning software and deeply integrated it with role management tools as it continues
to push policy-based identity management. More..
Liberty releases guidelines for data management, handling
The Liberty Alliance has released the first versions of two key frameworks for how businesses can share and protect sensitive
data in their networks. More..
Provisioning/de-provisioning in the education sector
Provisioning/de-provisioning in the education sector. More..
Security firm finds server with health-care data
Security researchers with Finjan Software are seeing a growing thirst from cybercriminals for data other than credit-card
numbers, with the latest findings including servers containing passwords leading to heath-care records and airline systems
data. More..
Identity Bus discussion focuses on re-hires
Last week's newsletter about the Identity Bus raised a number of issues in the Network World forums, some of which I addressed
last newsletter. But there was another issue raised that deserves its own discussion. More..
Identity Bus topic sparks community discussion
Last week's newsletter re-visiting the Identity Bus contrasting virtual data storage with persistent data storage brought
forth a number of comments on the Network World Web site, which I’d like to address today. More..
Dealing with orphan accounts and de-provisioning
I want to add just a bit more on orphan accounts and de-provisioning before we move on to the next round of conferences (Burton's
Catalyst in two weeks, then next month's inaugural SSO Summit get together). More..
Microsoft opens TechEd with virtualization pitch to IT pros
Microsoft this morning opened its annual TechEd conference focusing on the merits of virtualization ahead of the late summer
release of its most important product to date in that area. More..
Microsoft releases first public beta of identity management server
Microsoft Tuesday filled in the blanks on its delayed identity management scorecard by releasing the first public beta of
Identity Lifecycle Manager 2.0. More..
CA jockeys for stronger position in security, management markets
CA launches a slew of products in its security and management portfolios to help customers better manage identities, software
licenses and compliance as well as take on heterogeneous virtual environments and automate IT processes. More..
Re-visiting the Identity Bus/Hub issue
Today I want to re-visit the Identity Bus/Hub issue, which is also caught up with the choice between completely virtual directories
and persistent storage metadirectories. More..
Researchers say notification laws not lowering ID theft
Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually
cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state
analysis of data supplied by the U.S. Federal Trade Commission (FTC). More..
More laws, collaboration required for online safety
Washington state's attorney general is only half joking when he suggests that perhaps sites like Facebook and MySpace should
require members to use a credit card to sign up for access as a way to prove their identity. More..
Time to investigate orphaned accounts
De-provisioning is the act of removing access for a user's account while not necessarily removing the account (which most
likely will still be needed for a while for compliance auditing and other reasons). Almost all current provisioning software
includes modules to de-provision accounts, but that hasn't always been the case. As I noted in an article about the first
identity provisioning application, back in 1999, de-provisioning was in the road map for the second release. By now I'd expected
that a) just about everyone would have installed provisioning software; and b) most of those would include de-provisioning
as a feature. I was wrong. More..
Microsoft: CardSpace attack works but was too rigged
Microsoft is disputing that its CardSpace authentication management technology can be hacked despite a research paper that
outlines a proof-of-concept attack. More..
What's hot and what's not for role management
Roles are not necessary for governance, risk, compliance and entitlement (GRCE) management, just as roads aren't necessary
in order to drive cars. And just as it would be foolish to consider driving from, say, San Francisco to New York without using
roads so too would it be foolish to consider implementing GRCE management without roles. I was reminded of this when a press
release crossed my desk a couple of weeks ago. More..
Researchers breach Microsoft's CardSpace ID technology
A trio of computer security researchers say they've successfully compromised Microsoft's CardSpace, a technology intended
to strengthen the security of personal information on the Internet. More..
FTC halts pretexting operation connected to HP
A U.S. judge ordered a Florida business connected to the 2006 HP spying scandal to halt the sale of personal telephone records
and ordered defendants in the case to pay more than $605,000 after a complaint by the U.S. Federal Trade Commission. More..
Access Agents solve digital identity problems
In all the discussion of IBM's recent purchase of Encentuate, I seem to have concentrated on its effect on IBM/Tivoli customers
as well as on Passlogix, previous supplier of single sign-on technology for those customers. I've said very little about Encentuate,
though. Not that I'm going to do so today. (Although it does appear to be a good deal for that company) Instead, I want to
look at something that Peng Ong, the founder of Encentuate, said recently. More..
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
