It's RSA week in San Francisco, so that means lots of announcements, even if they're only of the "I'm waving so you know I'm still here" variety. I fondly remember one such announcement from a few years ago that, in essence, said: "We added four new customers last quarter, none of whom you ever heard of. So we're not jumping the shark just yet." Actually, a press release like that means you have jumped the shark, and - as proof - that company wasn't around a year later.
Before getting to the RSA announcements, though, I’d like to point you to a fascinating panel discussion from Novell's recent Brainshare conference. Novell and Bandit Project engineer Dale Olds, Microsoft Identity Architect Kim Cameron, Ping ID CTO Patrick Harding and the Pamela Project’s Pam Dingle all got together (guided by Carolyn Ford from Novell’s product marketing team) to discuss “Open Source and User-centric Identity in the Enterprise,” a subject near and dear to my heart. I’d remarked that I was sorry I missed the session, so Novell’s friendly flakette, Charlotte Betterley, got it posted online just so I could watch it. At least, that’s what she said. Now you can watch it too and learn how user-centric identity can play in your enterprise.
Back to the RSA conference and it’s only right that the host gets to go first. RSA (and, as it keeps reminding me, the entity is now called “RSA, the security division of EMC”) is making two significant announcements. It has been very quiet lately, so this does show that it has at least been thinking about the identity space.
First, the company outlined its Identity Assurance platform. This will have four components: credential management, authentication, contextual authorization, and intelligence (well, we’ll hope there’s intelligence in all the modules, but what RSA means, it was explained to me, is that this intelligence provides knowledge back into the business, and the confidence to explore and exploit new business models and channels.) I’m particularly pleased to see contextual authorization included as a major, and separate, component.
What RSA means is that its software will enforce access control based on a specific risk and business context, according to set policy. The RSA platform will help customers manage access, federate identities, and enforce policies across Web resources, portals and applications. RSA claims to provide the right authentication at the right time while optimizing user experience. I can’t argue with that; let’s hope it can follow through. Get more details at the RSA Web site where you can see all of its announcements. There was another announcement from RSA, delivering on this platform promise, and we’ll look at that in the next issue.
Upcoming events from IdM Journal’s Events Calendar
The Liberty Alliance has three upcoming Webinars on the theme “Privacy in an Online, Web 2.0 World” . Details are:
* April 16 - Robin Wilton, corporate architect for Federated Identity, Sun and co-chair of the Liberty Alliance Public Policy Group, will review findings and next steps from the ongoing series of global Liberty Alliance privacy summits which bring together a diverse set of privacy stakeholders from the commercial, academic, legal and pubic sectors.
April 23 - Phil Hunt, director security standards, Oracle Identity Management, and lead developer of the IGF open source project at OpenLiberty.org, will provide an overview of the privacy benefits of the Liberty Identity Governance Framework (IGF), a policy-based organizational framework being standardized within Liberty Alliance and implemented in open source at OpenLiberty.org to protect personal identity information (PII) within and across enterprise networks.
April 30 - Byron Acohido and Jon Swartz, technology editors with USA Today, will review highlights from their new book "Zero Day Threat", which discusses the immediate and long-term security and privacy risks associated with online transactions, social networks and Web 2.0 technologies.